ba7b16d15e0550e802b7f1b9d57789b6177edb57b2302a8edb0c5dcedbf5133c | Triage

Analysis

max time kernel
172s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 11:03

Sharing

Report Analysis Logs

General

Target

ba7b16d15e0550e802b7f1b9d57789b6177edb57b2302a8edb0c5dcedbf5133c.dll
Size

3KB
MD5

14619c3bd601aef64610289e39e33920
SHA1

21cc151a4405f28f67645ac81b21ce327570a539
SHA256

ba7b16d15e0550e802b7f1b9d57789b6177edb57b2302a8edb0c5dcedbf5133c
SHA512

8fb8bba982ec96b706b0d51f03e3801da829abb2602877d77b8fbe3e95962c40971e7768787526f6a80f466c066024351adf64490872eb9ee0f3981444331423

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 2248	1188	rundll32.exe	79
PID 1188 wrote to memory of 2248	1188	rundll32.exe	79
PID 1188 wrote to memory of 2248	1188	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba7b16d15e0550e802b7f1b9d57789b6177edb57b2302a8edb0c5dcedbf5133c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba7b16d15e0550e802b7f1b9d57789b6177edb57b2302a8edb0c5dcedbf5133c.dll,#1
  2⤵
  PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads