9bce07185666ddfead44c62a1252f7ba8eb6d3cf1373744ead757804e3cc7cc3 | Triage

Analysis

max time kernel
150s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 10:52

Sharing

Report Analysis Logs

General

Target

9bce07185666ddfead44c62a1252f7ba8eb6d3cf1373744ead757804e3cc7cc3.dll
Size

4KB
MD5

4cac5132dbc09052e94e8598bf192f40
SHA1

61426c093c302fb4e2160814c2f317008ae010e8
SHA256

9bce07185666ddfead44c62a1252f7ba8eb6d3cf1373744ead757804e3cc7cc3
SHA512

a15f213bda876b01a61b8495a1d9e79fba655c277260527acf5e70975147df5289ce9aa4fb81a29e2285dd409626549c638c2b4c9d8dcd6eb519536259482c95

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 4020	1196	rundll32.exe	82
PID 1196 wrote to memory of 4020	1196	rundll32.exe	82
PID 1196 wrote to memory of 4020	1196	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bce07185666ddfead44c62a1252f7ba8eb6d3cf1373744ead757804e3cc7cc3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bce07185666ddfead44c62a1252f7ba8eb6d3cf1373744ead757804e3cc7cc3.dll,#1
  2⤵
  PID:4020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads