757831a57ccd3e48aa195958f0ea417adf26393f3bfa46c83aad9bbbdbff0bac | Triage

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 11:54

Sharing

Report Analysis Logs

General

Target

757831a57ccd3e48aa195958f0ea417adf26393f3bfa46c83aad9bbbdbff0bac.dll
Size

3KB
MD5

be91850912ca7cff851e4b718118d900
SHA1

c0335009ffdacfb85b6f024deee762a5487d7e7f
SHA256

757831a57ccd3e48aa195958f0ea417adf26393f3bfa46c83aad9bbbdbff0bac
SHA512

89217d2b03e2210b6319be064b3a29bea6ec3df3461b16e917754c32f5e73cfcfeb5e530af7274d4df3fa79ec1e4db04c4fcbc5f2c98d62d7b379446ffaddfc5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 4760	4844	rundll32.exe	80
PID 4844 wrote to memory of 4760	4844	rundll32.exe	80
PID 4844 wrote to memory of 4760	4844	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\757831a57ccd3e48aa195958f0ea417adf26393f3bfa46c83aad9bbbdbff0bac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\757831a57ccd3e48aa195958f0ea417adf26393f3bfa46c83aad9bbbdbff0bac.dll,#1
  2⤵
  PID:4760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads