02995068f087fcfbeb0d0f7dcb7af01120b7fc7d388b04824026d41abb76d799 | Triage

Analysis

max time kernel
162s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:59

Sharing

Report Analysis Logs

General

Target

02995068f087fcfbeb0d0f7dcb7af01120b7fc7d388b04824026d41abb76d799.dll
Size

3KB
MD5

97ce4fba3079dab0e75f5d6ff66e6780
SHA1

3c74a2f8ba611c7f1135574cda89076e39d4603e
SHA256

02995068f087fcfbeb0d0f7dcb7af01120b7fc7d388b04824026d41abb76d799
SHA512

8fc04d8bab83b4afa4dfbe28aa2b1faa83392f00eba5ae4a437481d5d7932eb83af3002afbca42d433e9459d0dfc75260766ccb217c48a6e8ce6d646ff2f20af

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 1360	4844	rundll32.exe	79
PID 4844 wrote to memory of 1360	4844	rundll32.exe	79
PID 4844 wrote to memory of 1360	4844	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\02995068f087fcfbeb0d0f7dcb7af01120b7fc7d388b04824026d41abb76d799.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\02995068f087fcfbeb0d0f7dcb7af01120b7fc7d388b04824026d41abb76d799.dll,#1
  2⤵
  PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads