d703fe5426878490b9d466a5b0f1d528e3865ea2e2599f61e126d1f165866585 | Triage

Analysis

max time kernel
179s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 12:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d703fe5426878490b9d466a5b0f1d528e3865ea2e2599f61e126d1f165866585.dll
Size

4KB
MD5

1875b86a9e962eeb418ba8cef8e7c630
SHA1

99999448cb26b302f0c216bdc51a9d1bc02fbea9
SHA256

d703fe5426878490b9d466a5b0f1d528e3865ea2e2599f61e126d1f165866585
SHA512

6282ff72a7bd4705b385712ce772907a6db99bd88447a75c9b75e8e586b0dcc4d417a9feb5c2e3c91bb1a82313088ba4cf4cf025c80283a9c9d76f8aa02fb194

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3760 wrote to memory of 4740	3760	rundll32.exe	68
PID 3760 wrote to memory of 4740	3760	rundll32.exe	68
PID 3760 wrote to memory of 4740	3760	rundll32.exe	68

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d703fe5426878490b9d466a5b0f1d528e3865ea2e2599f61e126d1f165866585.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d703fe5426878490b9d466a5b0f1d528e3865ea2e2599f61e126d1f165866585.dll,#1
  2⤵
  PID:4740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads