12fc21fd507654e9963234ea860f49a40a22a1c48922db8c69534a2daaf00857 | Triage

Analysis

max time kernel
202s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12fc21fd507654e9963234ea860f49a40a22a1c48922db8c69534a2daaf00857.dll
Size

3KB
MD5

13bfb8f2ffe74a26dba96723508677d0
SHA1

f83dbc5e5b2a5286307fc65e028d542df78e0800
SHA256

12fc21fd507654e9963234ea860f49a40a22a1c48922db8c69534a2daaf00857
SHA512

f62511e66424437d9efa2175f84f6f7ca494137ce7881ebcb422dd739ddfdd20763197b88961712ff1e3e53cfd666cf53cf35d50e4f843b10c3e9c088b41fc4c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 3924	4020	rundll32.exe	47
PID 4020 wrote to memory of 3924	4020	rundll32.exe	47
PID 4020 wrote to memory of 3924	4020	rundll32.exe	47

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12fc21fd507654e9963234ea860f49a40a22a1c48922db8c69534a2daaf00857.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12fc21fd507654e9963234ea860f49a40a22a1c48922db8c69534a2daaf00857.dll,#1
  2⤵
  PID:3924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads