e9344ecfd30e93e34380447ed6bdc0577b4683fb00e9a228c6e924cfd7e0effa | Triage

Analysis

max time kernel
149s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 18:23

Sharing

Report Analysis Logs

General

Target

e9344ecfd30e93e34380447ed6bdc0577b4683fb00e9a228c6e924cfd7e0effa.dll
Size

3KB
MD5

349aa55604b9d0221dfe3b3f10b27990
SHA1

28ac90629939ec63a6f9439e4c156884d6c8801e
SHA256

e9344ecfd30e93e34380447ed6bdc0577b4683fb00e9a228c6e924cfd7e0effa
SHA512

552b5475ab2b1c5d19beac49f82928bd4d44599423793131468bdc4ef3573d5c3ddfea4efbde1b632b4062bb6436a7631db2346428ef0011181a92ce1a3a573c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 5036	2816	rundll32.exe	76
PID 2816 wrote to memory of 5036	2816	rundll32.exe	76
PID 2816 wrote to memory of 5036	2816	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9344ecfd30e93e34380447ed6bdc0577b4683fb00e9a228c6e924cfd7e0effa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9344ecfd30e93e34380447ed6bdc0577b4683fb00e9a228c6e924cfd7e0effa.dll,#1
  2⤵
  PID:5036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5036-132-0x0000000000000000-mapping.dmp

Download