e7acf6ac97f2acdfb0a94c91fd4df7047dcc4bae9614ffb8ff1f929dea0faa0f | Triage

Analysis

max time kernel
90s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:09

Sharing

Report Analysis Logs

General

Target

e7acf6ac97f2acdfb0a94c91fd4df7047dcc4bae9614ffb8ff1f929dea0faa0f.dll
Size

3KB
MD5

c85bf9812cb3c20c6136704222c47cd0
SHA1

25366b2ef7fda507069d4e31b5663f9a84d65e92
SHA256

e7acf6ac97f2acdfb0a94c91fd4df7047dcc4bae9614ffb8ff1f929dea0faa0f
SHA512

0fbf347f7d097fe4e45ffd373917ad0768685a95a61826c0ebee66c8a0928ec576073eebf4dab8b00f4eaf864869de9346cddf8c7d0e768a4c70b6bcecce646a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 5080	3368	rundll32.exe	76
PID 3368 wrote to memory of 5080	3368	rundll32.exe	76
PID 3368 wrote to memory of 5080	3368	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7acf6ac97f2acdfb0a94c91fd4df7047dcc4bae9614ffb8ff1f929dea0faa0f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7acf6ac97f2acdfb0a94c91fd4df7047dcc4bae9614ffb8ff1f929dea0faa0f.dll,#1
  2⤵
  PID:5080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads