d808ac56822ef651c16cbf344d11197bfb7230c991a9b5fd40aef56b57e56ece | Triage

Analysis

max time kernel
112s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2023, 19:32

Sharing

Report Analysis Logs

General

Target

libtpq.dll
Size

44KB
MD5

df9cbdfb7f5fa03ef03837fdeab55f53
SHA1

d734e50bb55fe3de76de0c9ae14acfcae1f3cc4d
SHA256

d808ac56822ef651c16cbf344d11197bfb7230c991a9b5fd40aef56b57e56ece
SHA512

c2d14c09fb40c7d6ac50646132c80eb337740669ad58d1f00af8aebb7f1b0ee909e182653fcf27fff8a821adcf5712592d5bfc9b38b3383069ae6fc2a9de6711
SSDEEP

384:wbwgTI3Z1qxTeyiiObv4xRlcDC7U8VvdE3:wDTeTi+v+l4C7U8Vs

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 4884	3548	rundll32.exe	81
PID 3548 wrote to memory of 4884	3548	rundll32.exe	81
PID 3548 wrote to memory of 4884	3548	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libtpq.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libtpq.dll,#1
  2⤵
  PID:4884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads