a3b1464b5291e7d518c4b85b9baee829ff453df37f130fe0d00a39bac9faf41d | Triage

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 21:47

Sharing

Report Analysis Logs

General

Target

a3b1464b5291e7d518c4b85b9baee829ff453df37f130fe0d00a39bac9faf41d.dll
Size

3KB
MD5

5a9bbd3dda5207836a41e579689c029f
SHA1

04c0a4058f95fd16c03a8c1aeb8e6d82fa8c678a
SHA256

a3b1464b5291e7d518c4b85b9baee829ff453df37f130fe0d00a39bac9faf41d
SHA512

9f31e0fb5029032fc233be9e239638f133acf0ee82883be0348486ef4e5664351edf6ff11fd64f6eeac23beb88588bda0651c2e322f1f1186c385acfb53326e8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 4344	616	rundll32.exe	67
PID 616 wrote to memory of 4344	616	rundll32.exe	67
PID 616 wrote to memory of 4344	616	rundll32.exe	67

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b1464b5291e7d518c4b85b9baee829ff453df37f130fe0d00a39bac9faf41d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b1464b5291e7d518c4b85b9baee829ff453df37f130fe0d00a39bac9faf41d.dll,#1
  2⤵
  PID:4344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4344-132-0x0000000000000000-mapping.dmp

Download