abb967d7474192dcbd0a96f4634a34cfca59517aacca475f41ade181758a734b | Triage

Analysis

max time kernel
11s
max time network
13s
platform
windows10_x64
resource
win10v20210408
submitted
06-05-2021 16:14

Sharing

Report Analysis Logs

General

Target

Intelx6.dll
Size

497KB
MD5

a1be68f700288e8e145808c9e8f73600
SHA1

a4f0283ba02978d64df096339569359465abdaaf
SHA256

6b35069995b3e8bd6daa635779226f199a7c3a7114ea56e5bfa7660d0d706f9e
SHA512

12a35031ea1b70490516e6eae3bf19793be3f63bdd9fa4798072de1dc92170eaea042b73b8d341e0ec068af956f6fcc22a5e3e207dacf0b881eeb8e166182af6

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

rundll32.exe

pid process

1604 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 708 wrote to memory of 1604	708	rundll32.exe	rundll32.exe
PID 708 wrote to memory of 1604	708	rundll32.exe	rundll32.exe
PID 708 wrote to memory of 1604	708	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Intelx6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Intelx6.dll,#1
2⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:1604

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1604-114-0x0000000000000000-mapping.dmp

Download
memory/1604-115-0x0000000073B80000-0x0000000073C94000-memory.dmp

Filesize
1.1MB

Download