f2717f5b159c2292f81165627569f37472acea3f6cf4fb69ddcfd857070c42ec | Triage

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 04:13

Sharing

Report Analysis Logs

General

Target

f2717f5b159c2292f81165627569f37472acea3f6cf4fb69ddcfd857070c42ec.dll
Size

3KB
MD5

b22b7f5fd40a7c6b3aea18f2d680ba68
SHA1

a638fe8ef3722ba18ca13c93b0416d66c5150569
SHA256

f2717f5b159c2292f81165627569f37472acea3f6cf4fb69ddcfd857070c42ec
SHA512

50bfbe4e87a629c5ed994d0f9f07353807c596b138db5bfd32c2067d25ebb9d92afc6724ae9b3ffc9548040b9d912736b7eeb5427120ab13ec14626226e0fbe3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 824	3756	rundll32.exe	83
PID 3756 wrote to memory of 824	3756	rundll32.exe	83
PID 3756 wrote to memory of 824	3756	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2717f5b159c2292f81165627569f37472acea3f6cf4fb69ddcfd857070c42ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2717f5b159c2292f81165627569f37472acea3f6cf4fb69ddcfd857070c42ec.dll,#1
  2⤵
  PID:824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads