8c96d9d6a869a8e23efce7adef49fa04343638d51aa9c0057379bc6e5e6a9799 | Triage

Analysis

max time kernel
154s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:30

Sharing

Report Analysis Logs

General

Target

8c96d9d6a869a8e23efce7adef49fa04343638d51aa9c0057379bc6e5e6a9799.dll
Size

3KB
MD5

8095e051d874ee43cbaa2cc7aff0b380
SHA1

c04fbf0a224b8a7ff9ea9bd0cb69b8878aff2706
SHA256

8c96d9d6a869a8e23efce7adef49fa04343638d51aa9c0057379bc6e5e6a9799
SHA512

f9f5b4c4203aacbb6a0b27fbeae75586c003dddd593d054e2ba1787499b7fd66d29660abedaf66bd311d22283ee9cc4bc2f6b831aea3fd9dae3196786ce31f17

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3380	1660	rundll32.exe	82
PID 1660 wrote to memory of 3380	1660	rundll32.exe	82
PID 1660 wrote to memory of 3380	1660	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c96d9d6a869a8e23efce7adef49fa04343638d51aa9c0057379bc6e5e6a9799.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c96d9d6a869a8e23efce7adef49fa04343638d51aa9c0057379bc6e5e6a9799.dll,#1
  2⤵
  PID:3380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads