1a6a5c5111d72fdb3d1454311ebb8af8d852b6246a1ed0253fd81d131a6f6355 | Triage

Analysis

max time kernel
155s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
08-06-2022 03:20

Sharing

Report Analysis Logs

General

Target

1a6a5c5111d72fdb3d1454311ebb8af8d852b6246a1ed0253fd81d131a6f6355.dll
Size

14KB
MD5

0b44fadd1dab5fc637d48c1cd54f54c7
SHA1

5c1f3925a28a87495fbcf02469be89fec6e24331
SHA256

1a6a5c5111d72fdb3d1454311ebb8af8d852b6246a1ed0253fd81d131a6f6355
SHA512

2dcd1b76025c59020a62897ca21f6425ed189148cf5fd9462e2bcd1973a5722b0c40e63c6bea21f286cdeffae7ad4fc9605c96b1e76d5b9babe0b85213e3dec1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3396 wrote to memory of 2628	3396	rundll32.exe	81
PID 3396 wrote to memory of 2628	3396	rundll32.exe	81
PID 3396 wrote to memory of 2628	3396	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a6a5c5111d72fdb3d1454311ebb8af8d852b6246a1ed0253fd81d131a6f6355.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a6a5c5111d72fdb3d1454311ebb8af8d852b6246a1ed0253fd81d131a6f6355.dll,#1
  2⤵
  PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads