e6bdeae21f873a739645c0f4cc86c91432ea1d2c229aac9af135f691482fdc9b | Triage

Analysis

max time kernel
137s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 09:57

Sharing

Report Analysis Logs

General

Target

e6bdeae21f873a739645c0f4cc86c91432ea1d2c229aac9af135f691482fdc9b.dll
Size

192KB
MD5

1e3114933e986925635982ecd5233f20
SHA1

64b02073f88dfcac300047857a1d68aedee83481
SHA256

e6bdeae21f873a739645c0f4cc86c91432ea1d2c229aac9af135f691482fdc9b
SHA512

750eb418876df845ae49e13300a67811c4c7afa020473397df9e483d76ee41afb35974b1bc13f150f54d1a4f9e3af5960f8a4de65a2d65e46864b812ed276381

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3840 wrote to memory of 3188	3840	rundll32.exe	rundll32.exe
PID 3840 wrote to memory of 3188	3840	rundll32.exe	rundll32.exe
PID 3840 wrote to memory of 3188	3840	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6bdeae21f873a739645c0f4cc86c91432ea1d2c229aac9af135f691482fdc9b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3840

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6bdeae21f873a739645c0f4cc86c91432ea1d2c229aac9af135f691482fdc9b.dll,#1
2⤵
PID:3188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3188-130-0x0000000000000000-mapping.dmp

Download