c8b390ec534973cfa4e196f2bfbcb5266607734fca0fb652cfea8c785114f8a0 | Triage

Analysis

max time kernel
190s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 20:42

Sharing

Report Analysis Logs

General

Target

c8b390ec534973cfa4e196f2bfbcb5266607734fca0fb652cfea8c785114f8a0.dll
Size

3KB
MD5

e33bb44bdaa206ae4a1ab8fb765aa229
SHA1

bece0df72e8fa3b33b378ebf2b0b92ca2aeb0c8b
SHA256

c8b390ec534973cfa4e196f2bfbcb5266607734fca0fb652cfea8c785114f8a0
SHA512

27f0000faa3ec16ff4ce8b08194078253eec0b366fa539ad041004180b88ce121808de0f87a175ac9efe2e43cfdabefe9dd50dc7056993cae9faa720c1882191

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 4336	3324	rundll32.exe	84
PID 3324 wrote to memory of 4336	3324	rundll32.exe	84
PID 3324 wrote to memory of 4336	3324	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8b390ec534973cfa4e196f2bfbcb5266607734fca0fb652cfea8c785114f8a0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8b390ec534973cfa4e196f2bfbcb5266607734fca0fb652cfea8c785114f8a0.dll,#1
  2⤵
  PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads