e7691feaec70cdb863f2bfed4815858c9daeb93366d63eae3e37eb00bb405002 | Triage

Analysis

max time kernel
188s
max time network
230s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 20:41

Sharing

Report Analysis Logs

General

Target

e7691feaec70cdb863f2bfed4815858c9daeb93366d63eae3e37eb00bb405002.dll
Size

3KB
MD5

4733d459b69dbd0ac1efd31e25b3ba25
SHA1

50466865652e736cc870a26037934db118d97b8c
SHA256

e7691feaec70cdb863f2bfed4815858c9daeb93366d63eae3e37eb00bb405002
SHA512

7df6fd27e6f02faf0d6475cdacaaca6311b757a4afecf0e5f5b5f2f21605be307f74b9b08226cb0e0b8a9dc7c86e0a1b3e4dd93dbba7d538a93bea67e712483a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 112	3920	rundll32.exe	81
PID 3920 wrote to memory of 112	3920	rundll32.exe	81
PID 3920 wrote to memory of 112	3920	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7691feaec70cdb863f2bfed4815858c9daeb93366d63eae3e37eb00bb405002.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7691feaec70cdb863f2bfed4815858c9daeb93366d63eae3e37eb00bb405002.dll,#1
  2⤵
  PID:112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads