0e4b5570206dcc578479445ad2d3f60cc730f171ba26bc1ca85180f598881a28 | Triage

Analysis

max time kernel
153s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 23:41

Sharing

Report Analysis Logs

General

Target

0e4b5570206dcc578479445ad2d3f60cc730f171ba26bc1ca85180f598881a28.dll
Size

3KB
MD5

601433c43fece804e6278bc4168bc650
SHA1

7d0c596a1319e0af585b0d3511341a4eedd9e29a
SHA256

0e4b5570206dcc578479445ad2d3f60cc730f171ba26bc1ca85180f598881a28
SHA512

c02675f52d5a5e8693bb0d1d9f9e7c4f0cca25fa4ec54abc3fd3e61a0e09cebba7e159c623de5a07ddc7bad1d472ab7ee1e333ecdcadc22213dc3a99be1b7fdf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 4496	516	rundll32.exe	81
PID 516 wrote to memory of 4496	516	rundll32.exe	81
PID 516 wrote to memory of 4496	516	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e4b5570206dcc578479445ad2d3f60cc730f171ba26bc1ca85180f598881a28.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e4b5570206dcc578479445ad2d3f60cc730f171ba26bc1ca85180f598881a28.dll,#1
  2⤵
  PID:4496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads