9e5c6bb9bd075524f8326d153d3af04a475fdb3f22c946b4d6da9448036230f7 | Triage

Analysis

max time kernel
139s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2022 01:02

Sharing

Report Analysis Logs

General

Target

9e5c6bb9bd075524f8326d153d3af04a475fdb3f22c946b4d6da9448036230f7.dll
Size

3KB
MD5

6f13171737bc0656de119840f29f6cd0
SHA1

30448212406d10daff98ceda729dc48508e5da8b
SHA256

9e5c6bb9bd075524f8326d153d3af04a475fdb3f22c946b4d6da9448036230f7
SHA512

6a0aa38a2bedb4f7d9e5a3b72b57e25f55811983d4448c5301ecfbe1bb5e936d21b776a3271138554b8a0698a2b8f5b30603d1b5238f919fe295840301c1a949

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 4752	4776	rundll32.exe	81
PID 4776 wrote to memory of 4752	4776	rundll32.exe	81
PID 4776 wrote to memory of 4752	4776	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e5c6bb9bd075524f8326d153d3af04a475fdb3f22c946b4d6da9448036230f7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e5c6bb9bd075524f8326d153d3af04a475fdb3f22c946b4d6da9448036230f7.dll,#1
  2⤵
  PID:4752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4752-132-0x0000000000000000-mapping.dmp

Download