3bd159fa3751d33b07f26dc08f1922aa9b832f14403e07e4a3844e14444d7a48 | Triage

Analysis

max time kernel
229s
max time network
247s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:57

Sharing

Report Analysis Logs

General

Target

3bd159fa3751d33b07f26dc08f1922aa9b832f14403e07e4a3844e14444d7a48.dll
Size

3KB
MD5

56c1c68d4f766416a1de1f878ad31bc0
SHA1

83642d3cee3dc4a38c4e9374934f4a4f6069d681
SHA256

3bd159fa3751d33b07f26dc08f1922aa9b832f14403e07e4a3844e14444d7a48
SHA512

7fd447c4f1ebfa46d6ca0210a54caacd481d95684ee89a0f4bfe38dbcd2ee4c566b6bd3fdc972b2b2992415e1b05369f799b619cd4f2968fff0c9ef784308875

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 1392	2564	rundll32.exe	80
PID 2564 wrote to memory of 1392	2564	rundll32.exe	80
PID 2564 wrote to memory of 1392	2564	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bd159fa3751d33b07f26dc08f1922aa9b832f14403e07e4a3844e14444d7a48.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bd159fa3751d33b07f26dc08f1922aa9b832f14403e07e4a3844e14444d7a48.dll,#1
  2⤵
  PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads