5570197a87ced8418e48c64ebd907e721d16228e64d2893ee623b2578d06974f | Triage

Analysis

max time kernel
205s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5570197a87ced8418e48c64ebd907e721d16228e64d2893ee623b2578d06974f.dll
Size

4KB
MD5

575d704bddc3507206e392738a0bd390
SHA1

d0f9015cf4f7bd68e1f6388feca2088a66f0778f
SHA256

5570197a87ced8418e48c64ebd907e721d16228e64d2893ee623b2578d06974f
SHA512

6058189a2c158b1ff052b5ebe2671f057ebdfacc7b6ce9655917495b7e591f3c8d96610cd0f9d3270ff2fdb0a21d2097ea58d1d6844c6223a051b89cdc82186a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 820	5076	rundll32.exe	80
PID 5076 wrote to memory of 820	5076	rundll32.exe	80
PID 5076 wrote to memory of 820	5076	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5570197a87ced8418e48c64ebd907e721d16228e64d2893ee623b2578d06974f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5570197a87ced8418e48c64ebd907e721d16228e64d2893ee623b2578d06974f.dll,#1
  2⤵
  PID:820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads