ecc9f41a183c364dbbb5e4cd03bbc71cefa7572d6b2ece06ffaaa8cdfffb94a2 | Triage

Analysis

max time kernel
83s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 10:42

Sharing

Report Analysis Logs

General

Target

ecc9f41a183c364dbbb5e4cd03bbc71cefa7572d6b2ece06ffaaa8cdfffb94a2.dll
Size

3KB
MD5

7304f7c4233c809328da708e09d6b996
SHA1

821cd5e34164729571dee8997cb3ce38e9a94592
SHA256

ecc9f41a183c364dbbb5e4cd03bbc71cefa7572d6b2ece06ffaaa8cdfffb94a2
SHA512

5bce286158f4c47c308f7f143488ed6bc75f48006e10a31813a7f88bdb224d24f3818779e1ca6f821343426a7b5120077f8ad7def81c2bc42be69c452c72953c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 3440	4480	rundll32.exe	55
PID 4480 wrote to memory of 3440	4480	rundll32.exe	55
PID 4480 wrote to memory of 3440	4480	rundll32.exe	55

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecc9f41a183c364dbbb5e4cd03bbc71cefa7572d6b2ece06ffaaa8cdfffb94a2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecc9f41a183c364dbbb5e4cd03bbc71cefa7572d6b2ece06ffaaa8cdfffb94a2.dll,#1
  2⤵
  PID:3440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads