9b13587640b01d6c510185b60d0824d65429fbfc4f524aec3d327679bf26e588 | Triage

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:29

Sharing

Report Analysis Logs

General

Target

9b13587640b01d6c510185b60d0824d65429fbfc4f524aec3d327679bf26e588.dll
Size

3KB
MD5

db71ccdbd2f6129409d79d1911e28c40
SHA1

9613c47aef07e89f63e6c6006e8d4b8681dc3e3c
SHA256

9b13587640b01d6c510185b60d0824d65429fbfc4f524aec3d327679bf26e588
SHA512

e53c82fca50deefe81d07ac87a84e7c75efde64bb91a7a1026c08329c798f616b0f42c8b75cb1667312f4b0b015254bbb15577efbce9f1b5a24b4b9f065aeda7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2064	540	rundll32.exe	82
PID 540 wrote to memory of 2064	540	rundll32.exe	82
PID 540 wrote to memory of 2064	540	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b13587640b01d6c510185b60d0824d65429fbfc4f524aec3d327679bf26e588.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b13587640b01d6c510185b60d0824d65429fbfc4f524aec3d327679bf26e588.dll,#1
  2⤵
  PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads