f37a90fc5b782722336096161840a7cb6a00cbdd3aa22e5d6dc97bf749b3ccac | Triage

Analysis

max time kernel
165s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:33

Sharing

Report Analysis Logs

General

Target

f37a90fc5b782722336096161840a7cb6a00cbdd3aa22e5d6dc97bf749b3ccac.dll
Size

3KB
MD5

9d3e9bd65e45ce3031a87ae95a4f4370
SHA1

47f1dd0852c3da2c5825a2fe13968ede4168031a
SHA256

f37a90fc5b782722336096161840a7cb6a00cbdd3aa22e5d6dc97bf749b3ccac
SHA512

3982253a43c3db73b846e555e9b337c338963d7e5865210ef563862da1d7ef90354bf63aa883da498a618d653bf3ff6c2c5809dda6f827d19213946916ad4657

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 5024	3048	rundll32.exe	41
PID 3048 wrote to memory of 5024	3048	rundll32.exe	41
PID 3048 wrote to memory of 5024	3048	rundll32.exe	41

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f37a90fc5b782722336096161840a7cb6a00cbdd3aa22e5d6dc97bf749b3ccac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f37a90fc5b782722336096161840a7cb6a00cbdd3aa22e5d6dc97bf749b3ccac.dll,#1
  2⤵
  PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads