ac45093e3f8f56f2fccaa5441371f57ad26c88ce7fb2579164ef3f5df0afeb57 | Triage

Analysis

max time kernel
185s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:46

Sharing

Report Analysis Logs

General

Target

ac45093e3f8f56f2fccaa5441371f57ad26c88ce7fb2579164ef3f5df0afeb57.dll
Size

3KB
MD5

eb5406cb1a85b8e57b0f7b5972fa0292
SHA1

61b09d26503e0fcf98c6cd7b4bd07623d4b00343
SHA256

ac45093e3f8f56f2fccaa5441371f57ad26c88ce7fb2579164ef3f5df0afeb57
SHA512

e76ef9a039ee55cca585a08e09970b677ab4ddac613c2c75f8b16dd10f968e413afa228b7b66dbc5a056ab8da98fd02a517765f8feb4a58a7eb8d0cd9cfd2bda

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 4312	1808	rundll32.exe	78
PID 1808 wrote to memory of 4312	1808	rundll32.exe	78
PID 1808 wrote to memory of 4312	1808	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac45093e3f8f56f2fccaa5441371f57ad26c88ce7fb2579164ef3f5df0afeb57.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac45093e3f8f56f2fccaa5441371f57ad26c88ce7fb2579164ef3f5df0afeb57.dll,#1
  2⤵
  PID:4312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads