2a9fd09f4d0630f6709811fc67c7b71d7e4fcc69a0ad71496b7c1db1435858f1 | Triage

Analysis

max time kernel
74s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2a9fd09f4d0630f6709811fc67c7b71d7e4fcc69a0ad71496b7c1db1435858f1.dll
Size

3KB
MD5

41e67ee42b332766de8c9af7a89f10b0
SHA1

fedc17975c1a63258b49748008bb662789c57763
SHA256

2a9fd09f4d0630f6709811fc67c7b71d7e4fcc69a0ad71496b7c1db1435858f1
SHA512

32d0fa3ed280dbe410a1b3a7f94f858deb5e1307524545b6269e3b0b7808afefe270317ff5dc0fd3bd5ec557b81e15c9fda9dd881174f43b5150b39d1807e5ec

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 3260	2364	rundll32.exe	80
PID 2364 wrote to memory of 3260	2364	rundll32.exe	80
PID 2364 wrote to memory of 3260	2364	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a9fd09f4d0630f6709811fc67c7b71d7e4fcc69a0ad71496b7c1db1435858f1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a9fd09f4d0630f6709811fc67c7b71d7e4fcc69a0ad71496b7c1db1435858f1.dll,#1
  2⤵
  PID:3260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads