6ad8147246e38373e88df519a50cf7519057437500d726fb917d6aea23ea7d36 | Triage

Analysis

max time kernel
180s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 09:57

Sharing

Report Analysis Logs

General

Target

6ad8147246e38373e88df519a50cf7519057437500d726fb917d6aea23ea7d36.dll
Size

193KB
MD5

7948f6ac23a29727b26527fb63dd405e
SHA1

3ad14f80ceb1d78a7a333e3bf2a663a650a8a05e
SHA256

6ad8147246e38373e88df519a50cf7519057437500d726fb917d6aea23ea7d36
SHA512

51cd177a6b9787ad397e27ade911ecedbd3ccf88944b6bafa7aafc87efb48a165b875278d5735739fe6e3c930f88e19f75e017a53ed5a0559aaa4d6e04b9c2e7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5004 wrote to memory of 380	5004	rundll32.exe	rundll32.exe
PID 5004 wrote to memory of 380	5004	rundll32.exe	rundll32.exe
PID 5004 wrote to memory of 380	5004	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ad8147246e38373e88df519a50cf7519057437500d726fb917d6aea23ea7d36.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5004

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ad8147246e38373e88df519a50cf7519057437500d726fb917d6aea23ea7d36.dll,#1
2⤵
PID:380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/380-130-0x0000000000000000-mapping.dmp

Download