afab830ea0b5567661e4ee5e6f7af2bb8b263d4d0776992457b25972b5845fb1 | Triage

Analysis

max time kernel
90s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 11:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

afab830ea0b5567661e4ee5e6f7af2bb8b263d4d0776992457b25972b5845fb1.dll
Size

3KB
MD5

f97c9dabd9ac0eb3e3aba81a9f63db40
SHA1

bde3f93577275b1f825b70584c3874357c58b58d
SHA256

afab830ea0b5567661e4ee5e6f7af2bb8b263d4d0776992457b25972b5845fb1
SHA512

1b931af60ef0d8a2f1a9e88c60b0accf0e0d1d8410932c69d51d83f34cf8c443674e3b2d320b67e745a1e150c4affd93669a76e6be96655e0e6007170a837416

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 4944	4396	rundll32.exe	80
PID 4396 wrote to memory of 4944	4396	rundll32.exe	80
PID 4396 wrote to memory of 4944	4396	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\afab830ea0b5567661e4ee5e6f7af2bb8b263d4d0776992457b25972b5845fb1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afab830ea0b5567661e4ee5e6f7af2bb8b263d4d0776992457b25972b5845fb1.dll,#1
  2⤵
  PID:4944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads