f2bf74cd9480d6a1cb17b09a1b23a7f5ff099839edff485429a52cb19f697f1c | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f2bf74cd9480d6a1cb17b09a1b23a7f5ff099839edff485429a52cb19f697f1c.dll
Size

4KB
MD5

0044c0bf71d2670c6254f332d9178070
SHA1

b50831f3134f5f556081ace804a04990ba637f00
SHA256

f2bf74cd9480d6a1cb17b09a1b23a7f5ff099839edff485429a52cb19f697f1c
SHA512

fe0a12c6b06e75ea16a1bc65149d54e5d99b139aff70475b1c0c5ccb797ae57f7e48f56f97fc98dacce489727dcd2e4af41d763d0eb3fb43ed8893da635e7ac1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 1708	2636	rundll32.exe	80
PID 2636 wrote to memory of 1708	2636	rundll32.exe	80
PID 2636 wrote to memory of 1708	2636	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2bf74cd9480d6a1cb17b09a1b23a7f5ff099839edff485429a52cb19f697f1c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2bf74cd9480d6a1cb17b09a1b23a7f5ff099839edff485429a52cb19f697f1c.dll,#1
  2⤵
  PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads