f2aa7eef220ca9eeb88e1d72f852fe2673b59da7f7f6d452d3499c2a960039e0 | Triage

Analysis

max time kernel
91s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 11:48

Sharing

Report Analysis Logs

General

Target

f2aa7eef220ca9eeb88e1d72f852fe2673b59da7f7f6d452d3499c2a960039e0.dll
Size

3KB
MD5

b735f43a44b67067ced4174fbe407400
SHA1

582c260192e3bdd68587bb72aadf5b22ead0da3b
SHA256

f2aa7eef220ca9eeb88e1d72f852fe2673b59da7f7f6d452d3499c2a960039e0
SHA512

9412b8c42516786f36b0a30267dee3d8133f1666f55d21166f8e5b68e8b65be6a241a3899942ee143edd62edc30fc428ee801e7ae5cbe423498d1a5b37bfc6f6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 3852	4880	rundll32.exe	80
PID 4880 wrote to memory of 3852	4880	rundll32.exe	80
PID 4880 wrote to memory of 3852	4880	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2aa7eef220ca9eeb88e1d72f852fe2673b59da7f7f6d452d3499c2a960039e0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2aa7eef220ca9eeb88e1d72f852fe2673b59da7f7f6d452d3499c2a960039e0.dll,#1
  2⤵
  PID:3852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads