ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c | Triage

Analysis

max time kernel
250s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 15:05

Sharing

Report Analysis Logs

General

Target

ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll
Size

3KB
MD5

cb05f13ba65c5359e654e27dff8edd9b
SHA1

b78a695f911f0447f6ab2d85e413aeb71a046686
SHA256

ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c
SHA512

65631e646403e9031a536b77c844fb4fdb523bcae095d3ab43e5bf195ad112d8397fbc12e8fbfc948241da88938294e159b83621bea8d37f6003f7c21bc8d6c9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 2040	4860	rundll32.exe	80
PID 4860 wrote to memory of 2040	4860	rundll32.exe	80
PID 4860 wrote to memory of 2040	4860	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll,#1
  2⤵
  PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads