61357c3eeda3161658cc8f331ad4ed82f94437dfb80dc66c11f881a7279ccfda | Triage

Analysis

max time kernel
283s
max time network
344s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 23:31

Sharing

Report Analysis Logs

General

Target

61357c3eeda3161658cc8f331ad4ed82f94437dfb80dc66c11f881a7279ccfda.dll
Size

3KB
MD5

2f3c96910773854519bead57d36f1440
SHA1

85945473c8ace25e9e9ff7b410fa6cf77412aa42
SHA256

61357c3eeda3161658cc8f331ad4ed82f94437dfb80dc66c11f881a7279ccfda
SHA512

f6b8e3c7096c72f5f0f81743c952d5245d8f9913d3a3023582295b6eb0b5befbae6715230d91a55ae11a47be3060d8ec8cb946d9a4a8a58e4c06750d5ddc730a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 736	2724	rundll32.exe	81
PID 2724 wrote to memory of 736	2724	rundll32.exe	81
PID 2724 wrote to memory of 736	2724	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61357c3eeda3161658cc8f331ad4ed82f94437dfb80dc66c11f881a7279ccfda.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61357c3eeda3161658cc8f331ad4ed82f94437dfb80dc66c11f881a7279ccfda.dll,#1
  2⤵
  PID:736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads