e398e4d4ffddea3641b64fe8f4c71c61229d0d302d1bcdc1ca54555176372419 | Triage

Analysis

max time kernel
153s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:33

Sharing

Report Analysis Logs

General

Target

e398e4d4ffddea3641b64fe8f4c71c61229d0d302d1bcdc1ca54555176372419.dll
Size

3KB
MD5

53bc87025351423f979887a88c367ee0
SHA1

140139ba9095e8b649be48044015b3eb6ae5472d
SHA256

e398e4d4ffddea3641b64fe8f4c71c61229d0d302d1bcdc1ca54555176372419
SHA512

9bb48ed445232b497854c4d29f789f463a224c52126db474bf41efe61a301ff20a38da4d987a86342f38076a90a0fd9f8ad428742cf415f023db79d70de80a4e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 4932	1248	rundll32.exe	82
PID 1248 wrote to memory of 4932	1248	rundll32.exe	82
PID 1248 wrote to memory of 4932	1248	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e398e4d4ffddea3641b64fe8f4c71c61229d0d302d1bcdc1ca54555176372419.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e398e4d4ffddea3641b64fe8f4c71c61229d0d302d1bcdc1ca54555176372419.dll,#1
  2⤵
  PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads