288f47b354348a678a28514269597d0a1afc75fe34da818326d294e4fb0de9f9 | Triage

Analysis

max time kernel
188s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

288f47b354348a678a28514269597d0a1afc75fe34da818326d294e4fb0de9f9.dll
Size

4KB
MD5

e592aa9f9c1e054500e3831217a552c0
SHA1

28d1c9d2dcb7043bb262566a5b801df842ecd55f
SHA256

288f47b354348a678a28514269597d0a1afc75fe34da818326d294e4fb0de9f9
SHA512

1337c18af27b863571734ba859a0d547f7f807cc83e400f0a1241a26a1eadaed81ac3724e1972dd79ba0f27a610a5ac31270f2ba7b58b03e0fcb82958c06c40c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4428 wrote to memory of 2728	4428	rundll32.exe	83
PID 4428 wrote to memory of 2728	4428	rundll32.exe	83
PID 4428 wrote to memory of 2728	4428	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\288f47b354348a678a28514269597d0a1afc75fe34da818326d294e4fb0de9f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\288f47b354348a678a28514269597d0a1afc75fe34da818326d294e4fb0de9f9.dll,#1
  2⤵
  PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads