4330edc723b156a888222c9bc39fa856e7f137df9cedd8294e8cc5abac7185c2 | Triage

Analysis

max time kernel
255s
max time network
331s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:50

Sharing

Report Analysis Logs

General

Target

4330edc723b156a888222c9bc39fa856e7f137df9cedd8294e8cc5abac7185c2.dll
Size

3KB
MD5

fc5a80d72fadf3528c564465c86ae6db
SHA1

8c636706516917219de9502fab2c1172a8f3a1e5
SHA256

4330edc723b156a888222c9bc39fa856e7f137df9cedd8294e8cc5abac7185c2
SHA512

7b200dde47ddc26be32cf19a686445de96b76f9702ab0b0751f4aa8ab96e7d1a471e3a2b8ee5e1450dfbbbfbee2e98a5d1b6688cb5ed19bd1c5f3251a53ff87c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 2324	4536	rundll32.exe	81
PID 4536 wrote to memory of 2324	4536	rundll32.exe	81
PID 4536 wrote to memory of 2324	4536	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4330edc723b156a888222c9bc39fa856e7f137df9cedd8294e8cc5abac7185c2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4330edc723b156a888222c9bc39fa856e7f137df9cedd8294e8cc5abac7185c2.dll,#1
  2⤵
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads