d116f287d83829d4c0aca4ab256ca7bf8f84bb11f7966d66bf9aeb2b77a181f1 | Triage

Analysis

max time kernel
112s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d116f287d83829d4c0aca4ab256ca7bf8f84bb11f7966d66bf9aeb2b77a181f1.dll
Size

4KB
MD5

fe6f1204cbc6cee862c86313c9370fe0
SHA1

c02afa8f3457133455e9e098358b4101d56b8de2
SHA256

d116f287d83829d4c0aca4ab256ca7bf8f84bb11f7966d66bf9aeb2b77a181f1
SHA512

07fab6677e99ba08f2984494264c6be374b7eed19766ce8a71befc05b8a8b20a05ab2909d24e742d3745199a2b3f243bbea9f726b774765ae96ee7658fbee08b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 5056	1640	rundll32.exe	80
PID 1640 wrote to memory of 5056	1640	rundll32.exe	80
PID 1640 wrote to memory of 5056	1640	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d116f287d83829d4c0aca4ab256ca7bf8f84bb11f7966d66bf9aeb2b77a181f1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d116f287d83829d4c0aca4ab256ca7bf8f84bb11f7966d66bf9aeb2b77a181f1.dll,#1
  2⤵
  PID:5056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads