ee6d6adc3dadd202c36f7f7226395fcd511bc0c39487f8f26cd65159b1aee1d9 | Triage

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-07-2022 05:29

Sharing

Report Analysis Logs

General

Target

ee6d6adc3dadd202c36f7f7226395fcd511bc0c39487f8f26cd65159b1aee1d9.dll
Size

163KB
MD5

041e92f2142071cd6c2926bf0a869f37
SHA1

66dfc6f472435be2542e2092538e1d517f11c5b0
SHA256

ee6d6adc3dadd202c36f7f7226395fcd511bc0c39487f8f26cd65159b1aee1d9
SHA512

a548d183074c2e6e3456657996d61ffdfbfdae793b8fbaac822ce1ecc14fb937fea083f33216ef0abd7b4c1cf20193f7b4a0d6a96d33374f06b2beaa6db02e31

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4416 wrote to memory of 320	4416	rundll32.exe	rundll32.exe
PID 4416 wrote to memory of 320	4416	rundll32.exe	rundll32.exe
PID 4416 wrote to memory of 320	4416	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee6d6adc3dadd202c36f7f7226395fcd511bc0c39487f8f26cd65159b1aee1d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4416

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee6d6adc3dadd202c36f7f7226395fcd511bc0c39487f8f26cd65159b1aee1d9.dll,#1
2⤵
PID:320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/320-130-0x0000000000000000-mapping.dmp

Download