87d259244452be0d1d417dd8e367818d0a8c4c20f6ee4927d8eaf93a9e6bbf71 | Triage

Analysis

max time kernel
91s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

87d259244452be0d1d417dd8e367818d0a8c4c20f6ee4927d8eaf93a9e6bbf71.dll
Size

3KB
MD5

ef43979246a39509e714463c1d00d19d
SHA1

3c0225b644a8840babad18dab3ee8b9ba5e05877
SHA256

87d259244452be0d1d417dd8e367818d0a8c4c20f6ee4927d8eaf93a9e6bbf71
SHA512

2bd6ca16825e6f6c20dc667be5ce37b9e49462b3765a7bf845daedb1bb5fdd76dd051ca3fdd4e3bf884c5d977eb51344acd4f4d49868b77d32aea7386fa2a074

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 4900	1616	rundll32.exe	54
PID 1616 wrote to memory of 4900	1616	rundll32.exe	54
PID 1616 wrote to memory of 4900	1616	rundll32.exe	54

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\87d259244452be0d1d417dd8e367818d0a8c4c20f6ee4927d8eaf93a9e6bbf71.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\87d259244452be0d1d417dd8e367818d0a8c4c20f6ee4927d8eaf93a9e6bbf71.dll,#1
  2⤵
  PID:4900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads