92cabb7ee62ad08e0733fba1b311c3aa4deced62d0ff72640c43d72582f8db1d | Triage

Analysis

max time kernel
158s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

92cabb7ee62ad08e0733fba1b311c3aa4deced62d0ff72640c43d72582f8db1d.dll
Size

4KB
MD5

206eadb5e6e8c4ad9652093ce38edc80
SHA1

c67b2a71afdafb4f736fb1a720f96fed50052200
SHA256

92cabb7ee62ad08e0733fba1b311c3aa4deced62d0ff72640c43d72582f8db1d
SHA512

b1856b811b06842043526ee7c9821d84add43818a2019877fac43a57e31cafd123e5f15051fa8053ead243a99d27a6708270ea454ad116770cf88c9f4ff6be13

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 2128	4600	rundll32.exe	81
PID 4600 wrote to memory of 2128	4600	rundll32.exe	81
PID 4600 wrote to memory of 2128	4600	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\92cabb7ee62ad08e0733fba1b311c3aa4deced62d0ff72640c43d72582f8db1d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\92cabb7ee62ad08e0733fba1b311c3aa4deced62d0ff72640c43d72582f8db1d.dll,#1
  2⤵
  PID:2128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads