2efc9cb1bf4d2d0a4eb140434a647c468de80bc2513efed6a8b306690a9e356e | Triage

Analysis

max time kernel
249s
max time network
336s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:58

Sharing

Report Analysis Logs

General

Target

2efc9cb1bf4d2d0a4eb140434a647c468de80bc2513efed6a8b306690a9e356e.dll
Size

3KB
MD5

cb0dcb63ffe219f25c12562e9fca1770
SHA1

fef0db1800dbaaa8fb989400e53d38e2787a4dcd
SHA256

2efc9cb1bf4d2d0a4eb140434a647c468de80bc2513efed6a8b306690a9e356e
SHA512

59b2c3d44a89bd5805f8f97cb92b18c2a6d333fa0f59f0133b13c4b368b88bd6c97562994cf1d50bc6fd2046cf9456a51b7997fe34bbb96927c375e98c058308

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 1900	2160	rundll32.exe	80
PID 2160 wrote to memory of 1900	2160	rundll32.exe	80
PID 2160 wrote to memory of 1900	2160	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2efc9cb1bf4d2d0a4eb140434a647c468de80bc2513efed6a8b306690a9e356e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2efc9cb1bf4d2d0a4eb140434a647c468de80bc2513efed6a8b306690a9e356e.dll,#1
  2⤵
  PID:1900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads