944382ed3f2e239f4a2fd057248e1a2119d39c650a9cf560798bb8a3527d82c8 | Triage

Analysis

max time kernel
146s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:56

Sharing

Report Analysis Logs

General

Target

944382ed3f2e239f4a2fd057248e1a2119d39c650a9cf560798bb8a3527d82c8.dll
Size

3KB
MD5

3f617347725240f220fc065ede0032c6
SHA1

0a299f3c2c06757f46955c9a6150e28aad03d1a9
SHA256

944382ed3f2e239f4a2fd057248e1a2119d39c650a9cf560798bb8a3527d82c8
SHA512

fb9c44e7730bde924383b14c523dda12ac10e1e64f76e4d24f19f840dedb35e361846f3999fecaa6e3bd665eaced2f9578ef8fc9a6a06282fdac9420d4f46eb9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 1732	4120	rundll32.exe	80
PID 4120 wrote to memory of 1732	4120	rundll32.exe	80
PID 4120 wrote to memory of 1732	4120	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\944382ed3f2e239f4a2fd057248e1a2119d39c650a9cf560798bb8a3527d82c8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\944382ed3f2e239f4a2fd057248e1a2119d39c650a9cf560798bb8a3527d82c8.dll,#1
  2⤵
  PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads