6ee96d64ae50b36b714661099cea1e768e37a8c6262cdfd2451ef5338a955a31 | Triage

Analysis

max time kernel
92s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 13:23

Sharing

Report Analysis Logs

General

Target

6ee96d64ae50b36b714661099cea1e768e37a8c6262cdfd2451ef5338a955a31.dll
Size

3KB
MD5

834a220dfa658f4a4440fb9b4ebda6b0
SHA1

5ba66de39086e390efc0b05418d1d3f1125a4bbe
SHA256

6ee96d64ae50b36b714661099cea1e768e37a8c6262cdfd2451ef5338a955a31
SHA512

6bfc51ac91865805b5803b5c60cfe4de702690d89dc877cfd1615175341e0416688c225fbbb0a42a5c97ba6b83a5d3191564482f6793ece455c390b1f6ea297b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 4944	4960	rundll32.exe	82
PID 4960 wrote to memory of 4944	4960	rundll32.exe	82
PID 4960 wrote to memory of 4944	4960	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ee96d64ae50b36b714661099cea1e768e37a8c6262cdfd2451ef5338a955a31.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ee96d64ae50b36b714661099cea1e768e37a8c6262cdfd2451ef5338a955a31.dll,#1
  2⤵
  PID:4944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads