e50dbfd8391394fe15e7162c7ea99a4919180957899e6878e58b20e094e5f36e | Triage

Analysis

max time kernel
90s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 11:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e50dbfd8391394fe15e7162c7ea99a4919180957899e6878e58b20e094e5f36e.dll
Size

3KB
MD5

0b0df51a4dc6fce24b9d00c86955fdb0
SHA1

fd57e93e747eee373268e0c44e21b0ec563c37d7
SHA256

e50dbfd8391394fe15e7162c7ea99a4919180957899e6878e58b20e094e5f36e
SHA512

e4316fe24e818f3e4d537c5034c49a9f3515137a351106e9dddd65a242bb09e9088e5ebe132c0a0f193e898e9776fc01ad6aa377f8f0a9c22ee1323479dc7e62

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 360	644	rundll32.exe	80
PID 644 wrote to memory of 360	644	rundll32.exe	80
PID 644 wrote to memory of 360	644	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e50dbfd8391394fe15e7162c7ea99a4919180957899e6878e58b20e094e5f36e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e50dbfd8391394fe15e7162c7ea99a4919180957899e6878e58b20e094e5f36e.dll,#1
  2⤵
  PID:360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads