ff80d895099c2ed6ba0b257b3702a30fad97f36a2863679221430c49bd150d05 | Triage

Analysis

max time kernel
169s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:00

Sharing

Report Analysis Logs

General

Target

ff80d895099c2ed6ba0b257b3702a30fad97f36a2863679221430c49bd150d05.dll
Size

4KB
MD5

5f1b9f5d5b4804215f9bcd795b6338a0
SHA1

3fa3c8aa820cd2c033b69d02fb38f3d07019c3ed
SHA256

ff80d895099c2ed6ba0b257b3702a30fad97f36a2863679221430c49bd150d05
SHA512

cf4d7e375086de8229dc9b9448a7cdefbd31bea3ec97dd9e4ae950dc58b7c537cc5eeacc678f248159ceb4bd0fa4767a47492c8cde45fabf5babd32d4c4a9a3c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 912	5024	rundll32.exe	81
PID 5024 wrote to memory of 912	5024	rundll32.exe	81
PID 5024 wrote to memory of 912	5024	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff80d895099c2ed6ba0b257b3702a30fad97f36a2863679221430c49bd150d05.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff80d895099c2ed6ba0b257b3702a30fad97f36a2863679221430c49bd150d05.dll,#1
  2⤵
  PID:912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads