5db53d9e1fe0601112378bf395b5923f007aeeaf627997fc1f23cec88fba56a2 | Triage

Analysis

max time kernel
91s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 23:31

Sharing

Report Analysis Logs

General

Target

5db53d9e1fe0601112378bf395b5923f007aeeaf627997fc1f23cec88fba56a2.dll
Size

3KB
MD5

85a41b80894b0133bd4f3da6ce812e10
SHA1

f940e649f77f2820ca8de717e50bba57fae4e5f7
SHA256

5db53d9e1fe0601112378bf395b5923f007aeeaf627997fc1f23cec88fba56a2
SHA512

431f653cf8599ed85b082003cc8a17109e310a96d804e01289c91ae9ca903a2cafc4106d44d39e5e9c5fb333ed0f93aacfa5fa7baade43e8f450f8c518fe1615

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 4976	1080	rundll32.exe	79
PID 1080 wrote to memory of 4976	1080	rundll32.exe	79
PID 1080 wrote to memory of 4976	1080	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5db53d9e1fe0601112378bf395b5923f007aeeaf627997fc1f23cec88fba56a2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5db53d9e1fe0601112378bf395b5923f007aeeaf627997fc1f23cec88fba56a2.dll,#1
  2⤵
  PID:4976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4976-132-0x0000000000000000-mapping.dmp

Download