62cc2843e28a0b4a19949cb3c574c3fcf65e2249908b638946ada0fbc50184f0 | Triage

Analysis

max time kernel
177s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 14:06

Sharing

Report Analysis Logs

General

Target

62cc2843e28a0b4a19949cb3c574c3fcf65e2249908b638946ada0fbc50184f0.dll
Size

4KB
MD5

ec50ed3b12b3f4b932337a6e91c25ce0
SHA1

34776ad767a6243ca9ea06b8893b61075bc707f7
SHA256

62cc2843e28a0b4a19949cb3c574c3fcf65e2249908b638946ada0fbc50184f0
SHA512

9f8b0b12c9d2e7f1141e27fb18f384c75635cc1eca3fbf40a806f88d18fcbbfbcdf679a983c14cdebb75c24168895c699fa22f8166675cc73436b531b5d4413f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 736	816	rundll32.exe	80
PID 816 wrote to memory of 736	816	rundll32.exe	80
PID 816 wrote to memory of 736	816	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62cc2843e28a0b4a19949cb3c574c3fcf65e2249908b638946ada0fbc50184f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\62cc2843e28a0b4a19949cb3c574c3fcf65e2249908b638946ada0fbc50184f0.dll,#1
  2⤵
  PID:736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads