2b91fbadc0fa69b91f2476441630e44a607f9271f6c9f1faa6d667eca2a0129c | Triage

Analysis

max time kernel
263s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 20:46

Sharing

Report Analysis Logs

General

Target

2b91fbadc0fa69b91f2476441630e44a607f9271f6c9f1faa6d667eca2a0129c.dll
Size

3KB
MD5

95212d639e6e4e81baca07fb52d29ae0
SHA1

4d8400896cd059ee8648d5c3b4ecbfdbf7cdf01a
SHA256

2b91fbadc0fa69b91f2476441630e44a607f9271f6c9f1faa6d667eca2a0129c
SHA512

dee1d409a2008258249af3fbb4fb7702ce9073db773af1337d05e9573d5a676ba39b523fd99181f234771063d5fe439f09391f30abf53ad36bf9c84c9ac5d55d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 4532	4732	rundll32.exe	81
PID 4732 wrote to memory of 4532	4732	rundll32.exe	81
PID 4732 wrote to memory of 4532	4732	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b91fbadc0fa69b91f2476441630e44a607f9271f6c9f1faa6d667eca2a0129c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b91fbadc0fa69b91f2476441630e44a607f9271f6c9f1faa6d667eca2a0129c.dll,#1
  2⤵
  PID:4532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads