6185d5f8a0d073220f85bd1d94b8f5128b4815c59f6cecf61c9dc83fe34fb27e | Triage

Analysis

max time kernel
190s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:49

Sharing

Report Analysis Logs

General

Target

6185d5f8a0d073220f85bd1d94b8f5128b4815c59f6cecf61c9dc83fe34fb27e.dll
Size

3KB
MD5

cc5fc78521029acc5df37c2fa8296660
SHA1

19ab2e5bb768291ea6578144f9c35bd3b4fb5f16
SHA256

6185d5f8a0d073220f85bd1d94b8f5128b4815c59f6cecf61c9dc83fe34fb27e
SHA512

41b5846b6bbdaef4a3acd4349e7e2226ade8f96f716500fac557db102b7c2a643bde70d0a31cf7208b62a640aab62daefbd12b6f1e884e06b433cc9225a35bbe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 260 wrote to memory of 3380	260	rundll32.exe	81
PID 260 wrote to memory of 3380	260	rundll32.exe	81
PID 260 wrote to memory of 3380	260	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6185d5f8a0d073220f85bd1d94b8f5128b4815c59f6cecf61c9dc83fe34fb27e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6185d5f8a0d073220f85bd1d94b8f5128b4815c59f6cecf61c9dc83fe34fb27e.dll,#1
  2⤵
  PID:3380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads