6c474ede87d6c816b19a2e607fb0ed9d395dcebe24fb72412d7fa1694b944c0f | Triage

Analysis

max time kernel
201s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:58

Sharing

Report Analysis Logs

General

Target

6c474ede87d6c816b19a2e607fb0ed9d395dcebe24fb72412d7fa1694b944c0f.dll
Size

4KB
MD5

4224dde27f86dcf6f344618099989b00
SHA1

446cd037afb3a2944af3b8978434f98c27f4c59c
SHA256

6c474ede87d6c816b19a2e607fb0ed9d395dcebe24fb72412d7fa1694b944c0f
SHA512

ca703af734f6c11de8fc99ec7ea76ef5298f24fa0380f6fec167fa8bc608c554d1897d9dd30c5107a8cf8476ae56c55d68547bfa3b1491675d2ea170b634fda0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 2220	3160	rundll32.exe	82
PID 3160 wrote to memory of 2220	3160	rundll32.exe	82
PID 3160 wrote to memory of 2220	3160	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c474ede87d6c816b19a2e607fb0ed9d395dcebe24fb72412d7fa1694b944c0f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c474ede87d6c816b19a2e607fb0ed9d395dcebe24fb72412d7fa1694b944c0f.dll,#1
  2⤵
  PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads