ac7b5b89b86d87cd5ab70c857f58d18453a7146c1d1c5585a1a90b9cb8f1decc | Triage

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 11:52

Sharing

Report Analysis Logs

General

Target

ac7b5b89b86d87cd5ab70c857f58d18453a7146c1d1c5585a1a90b9cb8f1decc.dll
Size

3KB
MD5

6975f47ceac9e9c14e5d93c057735d90
SHA1

2d8d9518fcf30f1a979a19525c18099dcf5e4732
SHA256

ac7b5b89b86d87cd5ab70c857f58d18453a7146c1d1c5585a1a90b9cb8f1decc
SHA512

11370b533f278dbc814a0ddcbc37e498249799ff24842e3c863ba45869bde4b0fbab53367326221a9b87cf3456da3730d763bba327058853f960ebded552e77d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 3612	1472	rundll32.exe	82
PID 1472 wrote to memory of 3612	1472	rundll32.exe	82
PID 1472 wrote to memory of 3612	1472	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac7b5b89b86d87cd5ab70c857f58d18453a7146c1d1c5585a1a90b9cb8f1decc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac7b5b89b86d87cd5ab70c857f58d18453a7146c1d1c5585a1a90b9cb8f1decc.dll,#1
  2⤵
  PID:3612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads