996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764 | Triage

Analysis

max time kernel
146s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:20 UTC

Sharing

Report Analysis Logs

General

Target

996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll
Size

4KB
MD5

74085d366c5e1891f4930f3cee65b540
SHA1

2bb62790e31d3f1ba9941a04ec165d803d36737c
SHA256

996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764
SHA512

f033ad00777569878b60cc57136048c84b963235da6c1193f0a2bb0da85ea818a0415168a0bfae5b4a761fa1ff1705e3f0a7d5a8bc364651d1e9eccbe92109c0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 4744	4788	rundll32.exe	84
PID 4788 wrote to memory of 4744	4788	rundll32.exe	84
PID 4788 wrote to memory of 4744	4788	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll,#1
  2⤵
  PID:4744

Network

No results found

93.184.220.29:80

46 B
40 B
1
1
93.184.220.29:80

322 B
7
209.197.3.8:80

322 B
7
104.80.225.205:443

322 B
7
13.69.109.130:443

322 B
7
87.248.202.1:80

322 B
7
209.197.3.8:80

322 B
7
209.197.3.8:80

322 B
7
40.125.122.176:443

260 B
5

No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads