ba59c27a31a7e155df6c9b2ffc006464bbd81c6ceac1a07109fcb230d1ac59fe | Triage

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 01:23

Sharing

Report Analysis Logs

General

Target

ba59c27a31a7e155df6c9b2ffc006464bbd81c6ceac1a07109fcb230d1ac59fe.dll
Size

3KB
MD5

9221ff0fefd8b92ef3796bf05c38a6e0
SHA1

94934973acc6db5cb1d4b4e305068978cfac090d
SHA256

ba59c27a31a7e155df6c9b2ffc006464bbd81c6ceac1a07109fcb230d1ac59fe
SHA512

bae875cd5f88a3d903bff92aa18d3522ca75cdf331b1983ade89ed8aebe8b44d1b94c7bae38d94313c1f657f13bbeb5685b3067c21c3e7e2cdd5dd415ae8e2a0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2360	2220	rundll32.exe	80
PID 2220 wrote to memory of 2360	2220	rundll32.exe	80
PID 2220 wrote to memory of 2360	2220	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba59c27a31a7e155df6c9b2ffc006464bbd81c6ceac1a07109fcb230d1ac59fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba59c27a31a7e155df6c9b2ffc006464bbd81c6ceac1a07109fcb230d1ac59fe.dll,#1
  2⤵
  PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads