91c17a0ba74654bed8a6ab027456fc83f8bc84f8284c3504e4e12f99569f8c83 | Triage

Analysis

max time kernel
144s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 09:19

Sharing

Report Analysis Logs

General

Target

91c17a0ba74654bed8a6ab027456fc83f8bc84f8284c3504e4e12f99569f8c83.dll
Size

3KB
MD5

bdf777aa938c379e7a235c26c8182ba0
SHA1

ccaad2a05829dfa94ec47891ef0b04a6d336d468
SHA256

91c17a0ba74654bed8a6ab027456fc83f8bc84f8284c3504e4e12f99569f8c83
SHA512

0c0ab6b2713e11fc3389061c7adf944f0fc0b8396048aed055adc293dc366778d47af73a39af2a9e04db21eb9a0de72b56be10acaa8b48d67e47dccb24df99f4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 3096	4548	rundll32.exe	79
PID 4548 wrote to memory of 3096	4548	rundll32.exe	79
PID 4548 wrote to memory of 3096	4548	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\91c17a0ba74654bed8a6ab027456fc83f8bc84f8284c3504e4e12f99569f8c83.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\91c17a0ba74654bed8a6ab027456fc83f8bc84f8284c3504e4e12f99569f8c83.dll,#1
  2⤵
  PID:3096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads