ba92ee956aeac37af70ad4d454888a85fa4d6a0324c51a62469dc408bd7928fe | Triage

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:44

Sharing

Report Analysis Logs

General

Target

ba92ee956aeac37af70ad4d454888a85fa4d6a0324c51a62469dc408bd7928fe.dll
Size

3KB
MD5

8fd10734ec74c884539d6657dcd9222d
SHA1

6b82eafba9290cb2396e1d2a1e3f556ab8b5b79d
SHA256

ba92ee956aeac37af70ad4d454888a85fa4d6a0324c51a62469dc408bd7928fe
SHA512

5bf72f0e7e9800befcce9b131d8fba3bc9857154941eca1cc09503898f1c6dba237d1872e299ad4f2e261d434180c23a6591bc8d08b8f529ac40028c366d3db6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 3368	1056	rundll32.exe	77
PID 1056 wrote to memory of 3368	1056	rundll32.exe	77
PID 1056 wrote to memory of 3368	1056	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba92ee956aeac37af70ad4d454888a85fa4d6a0324c51a62469dc408bd7928fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba92ee956aeac37af70ad4d454888a85fa4d6a0324c51a62469dc408bd7928fe.dll,#1
  2⤵
  PID:3368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads