cb73aae6626c6480576926633cc42f1f93855db08b2d83a9da9d3e52226fc8d4 | Triage

Analysis

max time kernel
202s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 05:46

Sharing

Report Analysis Logs

General

Target

cb73aae6626c6480576926633cc42f1f93855db08b2d83a9da9d3e52226fc8d4.dll
Size

4KB
MD5

1ddf27eaf283f2b8e869649bed0a7020
SHA1

8f0b7913c184d29bdcfb51666bf930e024117365
SHA256

cb73aae6626c6480576926633cc42f1f93855db08b2d83a9da9d3e52226fc8d4
SHA512

97527c6399ee4c4d3be8b015027ce7329ccc8fbd1e9ff021bfe033fda124b0c199adf5410e76c1fec8731008aeeef569e77d4a02fa73cd08e0deaedef9561dd7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 1800	4820	rundll32.exe	80
PID 4820 wrote to memory of 1800	4820	rundll32.exe	80
PID 4820 wrote to memory of 1800	4820	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb73aae6626c6480576926633cc42f1f93855db08b2d83a9da9d3e52226fc8d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb73aae6626c6480576926633cc42f1f93855db08b2d83a9da9d3e52226fc8d4.dll,#1
  2⤵
  PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads