9d6c85eea27792ef852001bd4cbb9f2b8020313638ef9cc1a5e65c2ffe541502 | Triage

Analysis

max time kernel
75s
max time network
119s
platform
windows10_x64
resource
win10v20210410
submitted
13-05-2021 12:55

Sharing

Report Analysis Logs

General

Target

9d6c85eea27792ef852001bd4cbb9f2b8020313638ef9cc1a5e65c2ffe541502.dll
Size

5KB
MD5

f0eb57e761e552307fd26afab4d7d3cd
SHA1

6b9e627867a9a054bd13bdad74898abe63fb05b7
SHA256

9d6c85eea27792ef852001bd4cbb9f2b8020313638ef9cc1a5e65c2ffe541502
SHA512

c0b03e0a82a11dd211ecdc15dbf6f5bdb6a7e8afff7654332422b6dc07923779c00260afe4dcd1fc7a06fe8d4e51a4f7b602960e1fcc70a113acd9d3dfc26bb5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4476 wrote to memory of 4528	4476	rundll32.exe	rundll32.exe
PID 4476 wrote to memory of 4528	4476	rundll32.exe	rundll32.exe
PID 4476 wrote to memory of 4528	4476	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d6c85eea27792ef852001bd4cbb9f2b8020313638ef9cc1a5e65c2ffe541502.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4476

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d6c85eea27792ef852001bd4cbb9f2b8020313638ef9cc1a5e65c2ffe541502.dll,#1
2⤵
PID:4528

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4528-114-0x0000000000000000-mapping.dmp

Download