06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4 | Triage

Analysis

max time kernel
2s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
20-01-2022 03:00

Sharing

Report Analysis Logs

General

Target

06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4.dll
Size

628KB
MD5

2dc313c8309f028d3f793167c2c772f2
SHA1

d466780789480443b0eccdbd9fad660b398abfa8
SHA256

06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4
SHA512

876208929c6578d5d2d5532ec24ed79d8b7e7c1c54db27bab79f4c32b7ebca0325ccc33596fc85680de6d61b3cbf10319076eacad5b15325bdc7a71410d3f311

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1756 wrote to memory of 1332	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1332	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1332	1756	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4.dll,#1
2⤵
PID:1332

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1332-130-0x00000000040D0000-0x0000000004170000-memory.dmp

Filesize
640KB

Download