ebd33e795bd8caf22ec8f4efd13ab24cd2bc0e58be47191dd2334a605d3b27e7 | Triage

Analysis

max time kernel
138s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 22:07

Sharing

Report Analysis Logs

General

Target

ebd33e795bd8caf22ec8f4efd13ab24cd2bc0e58be47191dd2334a605d3b27e7.dll
Size

4KB
MD5

5294757e20fac6bcc6e90b29c6b3ede0
SHA1

f85b046b7ecaf75964bd4505372a08143501017a
SHA256

ebd33e795bd8caf22ec8f4efd13ab24cd2bc0e58be47191dd2334a605d3b27e7
SHA512

cb8710867a463974a55be8b49e9c227d032006b1533ae8e7a0d6446f4652614376d6f0a6367647d1c46baf31304fd746771da8d3d4dc903fc21759c98d71498a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 4708	960	rundll32.exe	81
PID 960 wrote to memory of 4708	960	rundll32.exe	81
PID 960 wrote to memory of 4708	960	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebd33e795bd8caf22ec8f4efd13ab24cd2bc0e58be47191dd2334a605d3b27e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebd33e795bd8caf22ec8f4efd13ab24cd2bc0e58be47191dd2334a605d3b27e7.dll,#1
  2⤵
  PID:4708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4708-132-0x0000000000000000-mapping.dmp

Download