cd31bcc0eb3370b45204fcbf08bec7d388c2d3dfbaa3ead9f3c008d0b476dfb1 | Triage

Analysis

max time kernel
140s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:34

Sharing

Report Analysis Logs

General

Target

cd31bcc0eb3370b45204fcbf08bec7d388c2d3dfbaa3ead9f3c008d0b476dfb1.dll
Size

3KB
MD5

df12f422e83c72659bebc571cd38f5c0
SHA1

67090051e1c23973a82132497e359fc037d00a2b
SHA256

cd31bcc0eb3370b45204fcbf08bec7d388c2d3dfbaa3ead9f3c008d0b476dfb1
SHA512

ffefc97fda6d403c5c21af76e619c3a0b27f3193b8d97df1095d3ce115c6245044188841ede238e62292dce3e16924e2c1f3f5e1eeeb4786d0b96caf5f835029

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 2004	4968	rundll32.exe	80
PID 4968 wrote to memory of 2004	4968	rundll32.exe	80
PID 4968 wrote to memory of 2004	4968	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd31bcc0eb3370b45204fcbf08bec7d388c2d3dfbaa3ead9f3c008d0b476dfb1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd31bcc0eb3370b45204fcbf08bec7d388c2d3dfbaa3ead9f3c008d0b476dfb1.dll,#1
  2⤵
  PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads