cf2a0ce0b6df38b1faf2358dcc9e5f571829e22dad84d697378f25998e93fc36 | Triage

Analysis

max time kernel
186s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 11:50

Sharing

Report Analysis Logs

General

Target

cf2a0ce0b6df38b1faf2358dcc9e5f571829e22dad84d697378f25998e93fc36.dll
Size

3KB
MD5

22078a2dbb51f1cf1ef78ac9fc9780a0
SHA1

e8fdb8f8fa174230e3b67e5362b2a1f9b8f87102
SHA256

cf2a0ce0b6df38b1faf2358dcc9e5f571829e22dad84d697378f25998e93fc36
SHA512

a64638890ca8695bd38413c0794fad76d2629797d17a7e68b682a92654821632541d72cc4e17402f658bcd5ea2eb12b7a761f632c034abda769171ffe0b71dab

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2896	1612	rundll32.exe	83
PID 1612 wrote to memory of 2896	1612	rundll32.exe	83
PID 1612 wrote to memory of 2896	1612	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf2a0ce0b6df38b1faf2358dcc9e5f571829e22dad84d697378f25998e93fc36.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf2a0ce0b6df38b1faf2358dcc9e5f571829e22dad84d697378f25998e93fc36.dll,#1
  2⤵
  PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads