843e1fcdb29e42df85f6ec8d7c39768128d657267369f720b8d39a22f0099496 | Triage

Analysis

max time kernel
236s
max time network
310s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:19

Sharing

Report Analysis Logs

General

Target

843e1fcdb29e42df85f6ec8d7c39768128d657267369f720b8d39a22f0099496.dll
Size

3KB
MD5

eb7def98370aa8264c58cf821988b370
SHA1

bbce47ba952f62c71025d2a5ec77b078c4cff2db
SHA256

843e1fcdb29e42df85f6ec8d7c39768128d657267369f720b8d39a22f0099496
SHA512

8896615dfd9ecbc42a162d9b488f4a3556760e1cfdcaebe4d993bd8132f1533ff4b938974907a5ef5b511c95ca0aeea9eea14f065a767cea817b422f97bea07b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3724 wrote to memory of 3600	3724	rundll32.exe	82
PID 3724 wrote to memory of 3600	3724	rundll32.exe	82
PID 3724 wrote to memory of 3600	3724	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\843e1fcdb29e42df85f6ec8d7c39768128d657267369f720b8d39a22f0099496.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\843e1fcdb29e42df85f6ec8d7c39768128d657267369f720b8d39a22f0099496.dll,#1
  2⤵
  PID:3600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads