bb310ca2e2616bfbeb06405576a2cbd819100f8a15857561f3936d1b881f79ba | Triage

Analysis

max time kernel
199s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:35

Sharing

Report Analysis Logs

General

Target

bb310ca2e2616bfbeb06405576a2cbd819100f8a15857561f3936d1b881f79ba.dll
Size

3KB
MD5

3df665f537bea9855c2cadb7cb6125b0
SHA1

56da459518aef57fc93237e1824b4670be07cfe8
SHA256

bb310ca2e2616bfbeb06405576a2cbd819100f8a15857561f3936d1b881f79ba
SHA512

c8a2c5808e9ba7d93c2687de205d9b766adb1af94fa8644180a19c6e4475cad3935ffb89fe746aaaea4c38ca20454688921b631047705d0a8b5898ac0a95d551

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 4180	3660	rundll32.exe	81
PID 3660 wrote to memory of 4180	3660	rundll32.exe	81
PID 3660 wrote to memory of 4180	3660	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb310ca2e2616bfbeb06405576a2cbd819100f8a15857561f3936d1b881f79ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb310ca2e2616bfbeb06405576a2cbd819100f8a15857561f3936d1b881f79ba.dll,#1
  2⤵
  PID:4180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads