4d300c2941584445f4a8ab1b66ce6291ef6f0b69c0541a97aecc8e198ceb69d8 | Triage

Analysis

max time kernel
198s
max time network
265s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:57

Sharing

Report Analysis Logs

General

Target

4d300c2941584445f4a8ab1b66ce6291ef6f0b69c0541a97aecc8e198ceb69d8.dll
Size

3KB
MD5

59e8cae4c7ee92dcf3a53c6321e3a0c0
SHA1

369334377f162f18c2af567854b7c0e51743abfc
SHA256

4d300c2941584445f4a8ab1b66ce6291ef6f0b69c0541a97aecc8e198ceb69d8
SHA512

45ab9c7aa0a079a249dcd0d542387183e79ee95c5b3212df3c137a1bf4e2dd6cb14ae07d311b044bc97410b2313d43009b22560746554f3b0c7f17262ef869d7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 100	1328	rundll32.exe	80
PID 1328 wrote to memory of 100	1328	rundll32.exe	80
PID 1328 wrote to memory of 100	1328	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d300c2941584445f4a8ab1b66ce6291ef6f0b69c0541a97aecc8e198ceb69d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d300c2941584445f4a8ab1b66ce6291ef6f0b69c0541a97aecc8e198ceb69d8.dll,#1
  2⤵
  PID:100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads