16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c | Triage

Analysis

max time kernel
25s
max time network
77s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 10:52

Sharing

Report Analysis Logs

General

Target

16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c.dll
Size

310KB
MD5

b9d425b1970b5fd03aed67053d97916d
SHA1

6b198494ce7d94fe26e72f4d0de776c897d9231a
SHA256

16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c
SHA512

621449a17709fb703c18e84b31956a1fefd7a0204743061c401f7208a12c9a51df6f60eee0be155ca290d0336e46b7fdef8eaa4267dc8147916f43d824cb989d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3628 wrote to memory of 3220	3628	rundll32.exe	rundll32.exe
PID 3628 wrote to memory of 3220	3628	rundll32.exe	rundll32.exe
PID 3628 wrote to memory of 3220	3628	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3628

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c.dll,#1
2⤵
PID:3220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads