a39942f15adb7e15dacd7ed4ffd81ba579cf4d68c34955265ae647c0ca3a536a | Triage

Analysis

max time kernel
93s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 11:52

Sharing

Report Analysis Logs

General

Target

a39942f15adb7e15dacd7ed4ffd81ba579cf4d68c34955265ae647c0ca3a536a.dll
Size

3KB
MD5

b7052564bdc8522d104d752db86c64f0
SHA1

8cacd5102fb65f142e0ce3e542d1a64bf7f02541
SHA256

a39942f15adb7e15dacd7ed4ffd81ba579cf4d68c34955265ae647c0ca3a536a
SHA512

0d622e5400bc8ec357dbca8f5938fb366d36c624a468c3db49d04c4e4eea5bb2d45cd82b6908f0df9f9898d4d30cfc463caaa8cb5dc1689cce7847aaa0bf5c71

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 764	1144	rundll32.exe	80
PID 1144 wrote to memory of 764	1144	rundll32.exe	80
PID 1144 wrote to memory of 764	1144	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a39942f15adb7e15dacd7ed4ffd81ba579cf4d68c34955265ae647c0ca3a536a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a39942f15adb7e15dacd7ed4ffd81ba579cf4d68c34955265ae647c0ca3a536a.dll,#1
  2⤵
  PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads