74fd6fe349493726e1a3810659636d688a14da62c9025c5ad5f8c73dcce5a49e | Triage

Analysis

max time kernel
64s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 20:45

Sharing

Report Analysis Logs

General

Target

74fd6fe349493726e1a3810659636d688a14da62c9025c5ad5f8c73dcce5a49e.dll
Size

3KB
MD5

5618adad28711429c124e3d44ab86f4a
SHA1

03901c644c3da0738b3e1ba25b9d2114a9cd8c28
SHA256

74fd6fe349493726e1a3810659636d688a14da62c9025c5ad5f8c73dcce5a49e
SHA512

35b4892104bc4ce18fcf04a7e20856f8eda3a9cfb91490171cd208ffcee60aebd77833f781273cd6b2bdc511d7b7ffc1de8183c649b2d69218f3951eb04d13fe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1048	1728	rundll32.exe	23
PID 1728 wrote to memory of 1048	1728	rundll32.exe	23
PID 1728 wrote to memory of 1048	1728	rundll32.exe	23

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74fd6fe349493726e1a3810659636d688a14da62c9025c5ad5f8c73dcce5a49e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\74fd6fe349493726e1a3810659636d688a14da62c9025c5ad5f8c73dcce5a49e.dll,#1
  2⤵
  PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads