4f72911722782f86cbc2b754650f77d886d3080ef05e700b7b076297d9e9730b | Triage

Analysis

max time kernel
90s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:39

Sharing

Report Analysis Logs

General

Target

4f72911722782f86cbc2b754650f77d886d3080ef05e700b7b076297d9e9730b.dll
Size

3KB
MD5

065c6f38f890c78475a184b589c5eca0
SHA1

19b8064c1224149a959509345e355deeac690fd6
SHA256

4f72911722782f86cbc2b754650f77d886d3080ef05e700b7b076297d9e9730b
SHA512

6ca7cf90e25db2a0c5bcad305235dddc3e3519df32c2271829a3d3213b267f27d37f683f91b7442fd00d182028f0a85e83c18ce2f2bc56a3e8a071fa847b3525

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 2320	4788	rundll32.exe	28
PID 4788 wrote to memory of 2320	4788	rundll32.exe	28
PID 4788 wrote to memory of 2320	4788	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f72911722782f86cbc2b754650f77d886d3080ef05e700b7b076297d9e9730b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f72911722782f86cbc2b754650f77d886d3080ef05e700b7b076297d9e9730b.dll,#1
  2⤵
  PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads