5fb1033c1a4232037e69265a65a7abd5afec4b0505bebddcf92527cf64091c5d | Triage

Analysis

max time kernel
231s
max time network
252s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 21:42

Sharing

Report Analysis Logs

General

Target

5fb1033c1a4232037e69265a65a7abd5afec4b0505bebddcf92527cf64091c5d.dll
Size

3KB
MD5

1f9ea821c93741c819672e9fce55f520
SHA1

4311dc5b1765e588c2528d95ff94f3d2279e37cd
SHA256

5fb1033c1a4232037e69265a65a7abd5afec4b0505bebddcf92527cf64091c5d
SHA512

66ff6ba0b3ec543837a5126c68a80a5bcda45aa7caa3f0a901cf714bf3cb0c8eb7d70a2de0aabee232e95169931baee19ef31cd53d315cfa3b3200d6d679d469

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 3500	2068	rundll32.exe	37
PID 2068 wrote to memory of 3500	2068	rundll32.exe	37
PID 2068 wrote to memory of 3500	2068	rundll32.exe	37

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fb1033c1a4232037e69265a65a7abd5afec4b0505bebddcf92527cf64091c5d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fb1033c1a4232037e69265a65a7abd5afec4b0505bebddcf92527cf64091c5d.dll,#1
  2⤵
  PID:3500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads