a72d00088ad596f30dd2aa41bc7b40414eff418d2e40de63d229cbf1d7528f8d | Triage

Analysis

max time kernel
251s
max time network
285s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 00:18

Sharing

Report Analysis Logs

General

Target

a72d00088ad596f30dd2aa41bc7b40414eff418d2e40de63d229cbf1d7528f8d.dll
Size

4KB
MD5

246c543c5eef279db0eb9c7e063b7700
SHA1

225d2a137efce1a981e6e499bea4f74178d402a2
SHA256

a72d00088ad596f30dd2aa41bc7b40414eff418d2e40de63d229cbf1d7528f8d
SHA512

6ac03c88d585f8086803d803af892fa5c4df1f4f3fe34f3c90922edff1769a04987784131df3cfd2935caf54d3fa2c7552634e33833ef36aeb226d8b63d720b7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 4772	544	rundll32.exe	81
PID 544 wrote to memory of 4772	544	rundll32.exe	81
PID 544 wrote to memory of 4772	544	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a72d00088ad596f30dd2aa41bc7b40414eff418d2e40de63d229cbf1d7528f8d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a72d00088ad596f30dd2aa41bc7b40414eff418d2e40de63d229cbf1d7528f8d.dll,#1
  2⤵
  PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4772-132-0x0000000000000000-mapping.dmp

Download