713bd17437066dab0e041004b4035aa4da1f9f3128fcc1d342421956652aced2 | Triage

Analysis

max time kernel
186s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 09:12

Sharing

Report Analysis Logs

General

Target

713bd17437066dab0e041004b4035aa4da1f9f3128fcc1d342421956652aced2.dll
Size

3KB
MD5

3f23d807062d2217163c4b9659eb14e0
SHA1

b6e61c2d2fdcb97379d5462ae5be726fa35806d3
SHA256

713bd17437066dab0e041004b4035aa4da1f9f3128fcc1d342421956652aced2
SHA512

a0ae6e9d0fb36ce2f109587a7ce4015e22919be7ae21a3a18c1ac268ba33b91d14ac27cc9dd77e475c0f063e43e633902f69310c1539e574eb0f7a22181b700d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 4148	4832	rundll32.exe	78
PID 4832 wrote to memory of 4148	4832	rundll32.exe	78
PID 4832 wrote to memory of 4148	4832	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\713bd17437066dab0e041004b4035aa4da1f9f3128fcc1d342421956652aced2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\713bd17437066dab0e041004b4035aa4da1f9f3128fcc1d342421956652aced2.dll,#1
  2⤵
  PID:4148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads