57863848a99d4cb9b3097b1387a164874b9e2b81f3405338ae346024c2b43fd5 | Triage

Analysis

max time kernel
151s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

57863848a99d4cb9b3097b1387a164874b9e2b81f3405338ae346024c2b43fd5.dll
Size

3KB
MD5

93293515b1c62976ea825876a99ddcf0
SHA1

10f17a7c105dc249068419613f443f1dc9c2bad4
SHA256

57863848a99d4cb9b3097b1387a164874b9e2b81f3405338ae346024c2b43fd5
SHA512

c76500d521071600dd04ae9a51c3f309b9aff70420820034bd64173262d305ebe7fdedb29e3709a04055f6de0d87fabeef59a27164180794d245586652fa2726

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 4880	4952	rundll32.exe	80
PID 4952 wrote to memory of 4880	4952	rundll32.exe	80
PID 4952 wrote to memory of 4880	4952	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57863848a99d4cb9b3097b1387a164874b9e2b81f3405338ae346024c2b43fd5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57863848a99d4cb9b3097b1387a164874b9e2b81f3405338ae346024c2b43fd5.dll,#1
  2⤵
  PID:4880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads