88e42a81204400406c5d5daf6835b044b6dfda92d39a14b627519c043131cb87 | Triage

Resubmissions

09-12-2022 21:32

221209-1dstxaed64 10

02-12-2022 18:04

221202-wnkttsag55 10

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 18:04

Sharing

Report Analysis Logs

General

Target

349.dll
Size

600KB
MD5

a2c8f0195135c0ea77e12a20db571a38
SHA1

522f5bbd467765a4855395a5f65f517eb7f9b42f
SHA256

b403ccd5d11f898d0e183317d35785b8cc42884604fe934d8f70ea189abdc9dd
SHA512

15ce93148cd97cf4aeb5250e86fd2fe3405a0254cb06580f1f2af24a115e7723dad5e54a63a66ccecbc5ee844938e0618bdcb8c2717e1975bb21359d663369ca
SSDEEP

12288:QSUUEfo5I6/o2qgkpUdF9Msme0CWUdOWk4F:QSTiWDvLpRme0C0Wk4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4216 wrote to memory of 2952	4216	rundll32.exe	rundll32.exe
PID 4216 wrote to memory of 2952	4216	rundll32.exe	rundll32.exe
PID 4216 wrote to memory of 2952	4216	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\349.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4216

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\349.dll,#1
2⤵
PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2952-132-0x0000000000000000-mapping.dmp

Download