17cfabc7a9422e5d9a0f6298518d5f767082146c91ff0f57e0e740f78d361f8d | Triage

Analysis

max time kernel
111s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 00:31

Sharing

Report Analysis Logs

General

Target

17cfabc7a9422e5d9a0f6298518d5f767082146c91ff0f57e0e740f78d361f8d.dll
Size

4KB
MD5

52bf7bf87be3731f9b7bdf45f8ecc710
SHA1

df9850080209261ab565682cc8baa5f79ded23a0
SHA256

17cfabc7a9422e5d9a0f6298518d5f767082146c91ff0f57e0e740f78d361f8d
SHA512

8988def2c741d8e236a1659b8f72ddf95968aa0fce9b90869975e522acb9d26c3fb83e8357b2fd878bc5e646602e886ff44395df055344655f2ff9d96c6d0c8a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3840 wrote to memory of 1852	3840	rundll32.exe	77
PID 3840 wrote to memory of 1852	3840	rundll32.exe	77
PID 3840 wrote to memory of 1852	3840	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17cfabc7a9422e5d9a0f6298518d5f767082146c91ff0f57e0e740f78d361f8d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17cfabc7a9422e5d9a0f6298518d5f767082146c91ff0f57e0e740f78d361f8d.dll,#1
  2⤵
  PID:1852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads