d074142929059f95bede11ac799470b9dfb2c152a65e7241cd325dd351db1738 | Triage

Analysis

max time kernel
148s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 20:42

Sharing

Report Analysis Logs

General

Target

d074142929059f95bede11ac799470b9dfb2c152a65e7241cd325dd351db1738.dll
Size

3KB
MD5

21e57fff5de657f886ed3a96bff00f9a
SHA1

67b0337eb017efcc68f4cc28a66a173718e56c70
SHA256

d074142929059f95bede11ac799470b9dfb2c152a65e7241cd325dd351db1738
SHA512

e7d86f2f3783034192ec05ec29cd82252bb0c59b92e09fabcbc253712da2816002e3d27b7b0951c142529f46045b030572db540714ada0043874f6f352abd184

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 2116	1512	rundll32.exe	83
PID 1512 wrote to memory of 2116	1512	rundll32.exe	83
PID 1512 wrote to memory of 2116	1512	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d074142929059f95bede11ac799470b9dfb2c152a65e7241cd325dd351db1738.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d074142929059f95bede11ac799470b9dfb2c152a65e7241cd325dd351db1738.dll,#1
  2⤵
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2116-132-0x0000000000000000-mapping.dmp

Download