6ee96d64ae50b36b714661099cea1e768e37a8c6262cdfd2451ef5338a955a31 | Triage

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 13:23

Sharing

Report Analysis Logs

General

Target

6ee96d64ae50b36b714661099cea1e768e37a8c6262cdfd2451ef5338a955a31.dll
Size

3KB
MD5

834a220dfa658f4a4440fb9b4ebda6b0
SHA1

5ba66de39086e390efc0b05418d1d3f1125a4bbe
SHA256

6ee96d64ae50b36b714661099cea1e768e37a8c6262cdfd2451ef5338a955a31
SHA512

6bfc51ac91865805b5803b5c60cfe4de702690d89dc877cfd1615175341e0416688c225fbbb0a42a5c97ba6b83a5d3191564482f6793ece455c390b1f6ea297b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1032	1972	rundll32.exe	28
PID 1972 wrote to memory of 1032	1972	rundll32.exe	28
PID 1972 wrote to memory of 1032	1972	rundll32.exe	28
PID 1972 wrote to memory of 1032	1972	rundll32.exe	28
PID 1972 wrote to memory of 1032	1972	rundll32.exe	28
PID 1972 wrote to memory of 1032	1972	rundll32.exe	28
PID 1972 wrote to memory of 1032	1972	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ee96d64ae50b36b714661099cea1e768e37a8c6262cdfd2451ef5338a955a31.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ee96d64ae50b36b714661099cea1e768e37a8c6262cdfd2451ef5338a955a31.dll,#1
  2⤵
  PID:1032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1032-55-0x0000000075501000-0x0000000075503000-memory.dmp

Filesize
8KB

Download