76926bf0165749f0d20f4ee65d7c168190866befa3d5df95c98ae27c896fe073 | Triage

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 09:20

Sharing

Report Analysis Logs

General

Target

76926bf0165749f0d20f4ee65d7c168190866befa3d5df95c98ae27c896fe073.dll
Size

3KB
MD5

cb8adef1618ef929975737d55d49f0a0
SHA1

635555c6b8f08644e0f25bf16672340758380b92
SHA256

76926bf0165749f0d20f4ee65d7c168190866befa3d5df95c98ae27c896fe073
SHA512

17103a3386650c3d758132caa525fb917b07118592f098d67d7babdca67ac409b0c0578ce5093f6aec67e009e2b2847bd8f196491d06ecb8452c3ada41d5c3d8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 4776	2772	rundll32.exe	81
PID 2772 wrote to memory of 4776	2772	rundll32.exe	81
PID 2772 wrote to memory of 4776	2772	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\76926bf0165749f0d20f4ee65d7c168190866befa3d5df95c98ae27c896fe073.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\76926bf0165749f0d20f4ee65d7c168190866befa3d5df95c98ae27c896fe073.dll,#1
  2⤵
  PID:4776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads