4502fbbfe9631713b1b72c52519b886ed31c413c3b3a4b68d4d38139c4fd747f | Triage

Analysis

max time kernel
131s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 12:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MFMediaEngine.dll
Size

3.1MB
MD5

cd6229511443725e12d6014f82a2d97b
SHA1

9832348e15ca8594c1137f86653964de15fd9585
SHA256

4502fbbfe9631713b1b72c52519b886ed31c413c3b3a4b68d4d38139c4fd747f
SHA512

1f6fe3dc4462d1b85de8eb67ab2c59b76ac4537a64a646eb429a77cdd525fa0db83b94f990e8d152f38d2e7d93eb2777d8e4c306184ba5baaed343d12bb7d698
SSDEEP

49152:f85FJRZSx4auvoNyct2pitw4TfKdybSIXJoKm/5iISiap9PbR/J9v:Wa4gft2pitwCi2G/5xSdBbR/J

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 1304	4472	rundll32.exe	83
PID 4472 wrote to memory of 1304	4472	rundll32.exe	83
PID 4472 wrote to memory of 1304	4472	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MFMediaEngine.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MFMediaEngine.dll,#1
  2⤵
  PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads