6ceae9330ae63c20b38bfc374062c0425f17dc55088f27f4af2d12e680efd533 | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 14:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6ceae9330ae63c20b38bfc374062c0425f17dc55088f27f4af2d12e680efd533.dll
Size

3KB
MD5

216ad3febc22048b50214c5b3130925b
SHA1

083e4b61e5c29bf91188308b79c4b76fe621f9b7
SHA256

6ceae9330ae63c20b38bfc374062c0425f17dc55088f27f4af2d12e680efd533
SHA512

582cc410334c404bd9e8f14989cb0e3e41978c820bec700bd5829c3ede738c5588711a794f1285766849eceae2211732c7a08dc9ddfd4b0cbb63c259cc30110e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ceae9330ae63c20b38bfc374062c0425f17dc55088f27f4af2d12e680efd533.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ceae9330ae63c20b38bfc374062c0425f17dc55088f27f4af2d12e680efd533.dll,#1
  2⤵
  PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1496-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download