6ce6fe15f159e33291337f16d6a753c8b2f8053e6278599f6c7bd91e0a31c940 | Triage

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 02:20

Sharing

Report Analysis Logs

General

Target

6ce6fe15f159e33291337f16d6a753c8b2f8053e6278599f6c7bd91e0a31c940.dll
Size

4KB
MD5

daf7320671e18f107817a446421682c0
SHA1

a7f3990834837e5ef46b9c0b9431baa499ad6fd2
SHA256

6ce6fe15f159e33291337f16d6a753c8b2f8053e6278599f6c7bd91e0a31c940
SHA512

636e81964e8829fe0fbaa6a87b35bb189a99b30e0be3a1df6fa75f9543913a8d98cf9d4df1d5d7cbca0fa21c12c68d144eef91d27457b318a034ccaa1fd9ec80

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ce6fe15f159e33291337f16d6a753c8b2f8053e6278599f6c7bd91e0a31c940.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ce6fe15f159e33291337f16d6a753c8b2f8053e6278599f6c7bd91e0a31c940.dll,#1
  2⤵
  PID:1536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1536-55-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download