58d780e8b96ecb7b5b469208a1d83c92808a3729b8b35c887ac61d472640bd30 | Triage

Analysis

max time kernel
138s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

58d780e8b96ecb7b5b469208a1d83c92808a3729b8b35c887ac61d472640bd30.dll
Size

4KB
MD5

62aa4f47828912a63e6e0bebe0e913c0
SHA1

0dc88fb005e07d02d7f631b56195df443468859d
SHA256

58d780e8b96ecb7b5b469208a1d83c92808a3729b8b35c887ac61d472640bd30
SHA512

07ad710a25b054128cac065456d5c2c31f16c670408d43ba30503d2c8f3de9d59eb6dc6235e8b93ef2bc13693ecc8345a6ca0bbcb9f2d6338c2c71feffc8ca29

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 3968	368	rundll32.exe	81
PID 368 wrote to memory of 3968	368	rundll32.exe	81
PID 368 wrote to memory of 3968	368	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58d780e8b96ecb7b5b469208a1d83c92808a3729b8b35c887ac61d472640bd30.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58d780e8b96ecb7b5b469208a1d83c92808a3729b8b35c887ac61d472640bd30.dll,#1
  2⤵
  PID:3968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads