f8ab93332536f27e4c463bde920795e59a08898ff648f679ca15c624f39b6dc8 | Triage

Analysis

max time kernel
127s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 09:57

Sharing

Report Analysis Logs

General

Target

f8ab93332536f27e4c463bde920795e59a08898ff648f679ca15c624f39b6dc8.dll
Size

3KB
MD5

5fd33f5845d4e52d216b457485a14cc9
SHA1

1f8480d860486e5cea047d40897a4519eb6d7eab
SHA256

f8ab93332536f27e4c463bde920795e59a08898ff648f679ca15c624f39b6dc8
SHA512

94d5ceba2359d8c93a526602c5fc794d9caca6f37f66660e5498148730df3c7ad127132a12453f66f5ad487207a9bd1de5e91608475956f69fb861cf1dc61c42

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 1044	3996	rundll32.exe	82
PID 3996 wrote to memory of 1044	3996	rundll32.exe	82
PID 3996 wrote to memory of 1044	3996	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8ab93332536f27e4c463bde920795e59a08898ff648f679ca15c624f39b6dc8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8ab93332536f27e4c463bde920795e59a08898ff648f679ca15c624f39b6dc8.dll,#1
  2⤵
  PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads