785c0e10ed70f27b143342602e5425857848978b09cbfc59552227dc9d78f60e | Triage

Analysis

max time kernel
145s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 01:22

Sharing

Report Analysis Logs

General

Target

785c0e10ed70f27b143342602e5425857848978b09cbfc59552227dc9d78f60e.dll
Size

4KB
MD5

9e7f96f6cfd509b50b7d33477fb23cd0
SHA1

81d1e293c76399c9b167f0e53da4f89f143f8b93
SHA256

785c0e10ed70f27b143342602e5425857848978b09cbfc59552227dc9d78f60e
SHA512

595bcdf49805e38288e4b0a915fb80d34795e8a9584a33454d4e0bf2e60764a3e3cce9e97a0321c9d2f06e6b150b64788f6df5a90444c928c9b033ff03538cd4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 1784	628	rundll32.exe	76
PID 628 wrote to memory of 1784	628	rundll32.exe	76
PID 628 wrote to memory of 1784	628	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\785c0e10ed70f27b143342602e5425857848978b09cbfc59552227dc9d78f60e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\785c0e10ed70f27b143342602e5425857848978b09cbfc59552227dc9d78f60e.dll,#1
  2⤵
  PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-132-0x0000000000000000-mapping.dmp

Download