f59111d88cd559b7ed421f69c7d45a88748d3eb939ff39e0ef37ab4ccb046d8b | Triage

Analysis

max time kernel
83s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:04

Sharing

Report Analysis Logs

General

Target

f59111d88cd559b7ed421f69c7d45a88748d3eb939ff39e0ef37ab4ccb046d8b.dll
Size

3KB
MD5

ec8922a583022ea0232ec2a503da62f0
SHA1

4f29e16a6561cf2aa868f9342dd827dd99a96e48
SHA256

f59111d88cd559b7ed421f69c7d45a88748d3eb939ff39e0ef37ab4ccb046d8b
SHA512

56259878bb8932d51ff40778bde05ecb76f1eacf6d229c9e74cf316a2c4b855513a8361899f0a3a7a07d007dc5a64a69019d7badf5fa569ae22ce3412f671f1e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2960	1688	rundll32.exe	81
PID 1688 wrote to memory of 2960	1688	rundll32.exe	81
PID 1688 wrote to memory of 2960	1688	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f59111d88cd559b7ed421f69c7d45a88748d3eb939ff39e0ef37ab4ccb046d8b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f59111d88cd559b7ed421f69c7d45a88748d3eb939ff39e0ef37ab4ccb046d8b.dll,#1
  2⤵
  PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads