1cf04e20b3b332d9fb2d13f815eed548e0b46b7118f26780f271ee5920d8a14c | Triage

Analysis

max time kernel
93s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 23:40

Sharing

Report Analysis Logs

General

Target

1cf04e20b3b332d9fb2d13f815eed548e0b46b7118f26780f271ee5920d8a14c.dll
Size

3KB
MD5

c93851c4a4a39b279c1c9ab11582aff0
SHA1

51275815b6328978e1641cb4d6e5267dd200c9f6
SHA256

1cf04e20b3b332d9fb2d13f815eed548e0b46b7118f26780f271ee5920d8a14c
SHA512

22a5bbe3986911fe7e41ff720cbf69f2dab71af757268e57819835c47efe99b54f93705a73125d45a8160d514ec49d9ce17e5b57f20ddb05542636e57ab60c7f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 488 wrote to memory of 4912	488	rundll32.exe	78
PID 488 wrote to memory of 4912	488	rundll32.exe	78
PID 488 wrote to memory of 4912	488	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cf04e20b3b332d9fb2d13f815eed548e0b46b7118f26780f271ee5920d8a14c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cf04e20b3b332d9fb2d13f815eed548e0b46b7118f26780f271ee5920d8a14c.dll,#1
  2⤵
  PID:4912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4912-132-0x0000000000000000-mapping.dmp

Download