f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755 | Triage

Analysis

max time kernel
40s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 08:46

Sharing

Report Analysis Logs

General

Target

f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755.dll
Size

242KB
MD5

e7371f007db56cf6c0ec2880db0984f7
SHA1

26d3cd9a7c0fe17d6b24053acf427493fdba1fb1
SHA256

f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755
SHA512

231a70f0f88d729e1990fa78e6627478ae5f04c2bd8ac4180b02b9c7e35f7063db074e3b29917aefeb62b1a57d0d718c97a77c4a8d1489b0f3806848fb5e26da

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2240 wrote to memory of 3352	2240	rundll32.exe	rundll32.exe
PID 2240 wrote to memory of 3352	2240	rundll32.exe	rundll32.exe
PID 2240 wrote to memory of 3352	2240	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755.dll,#1
2⤵
PID:3352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...