b00a6dc0bed4f5e6269082ac9adec2f328f3150b73883a362d7f5b160bef6518 | Triage

Analysis

max time kernel
122s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 15:15

Sharing

Report Analysis Logs

General

Target

b00a6dc0bed4f5e6269082ac9adec2f328f3150b73883a362d7f5b160bef6518.dll
Size

4KB
MD5

43440154c5ff9291b68b6631ca7db980
SHA1

6e3a88967bd406b9a58ca3ea6793d0034ac3720d
SHA256

b00a6dc0bed4f5e6269082ac9adec2f328f3150b73883a362d7f5b160bef6518
SHA512

eeb72d5c9e4ea9c01394f3e75081b2723acaeab1324dc66d61db6e2333a0201d22f7b46c78a994803fdb42a0816410e1caa7989fce24def10c1949036667d2f7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1756	2016	rundll32.exe	81
PID 2016 wrote to memory of 1756	2016	rundll32.exe	81
PID 2016 wrote to memory of 1756	2016	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b00a6dc0bed4f5e6269082ac9adec2f328f3150b73883a362d7f5b160bef6518.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b00a6dc0bed4f5e6269082ac9adec2f328f3150b73883a362d7f5b160bef6518.dll,#1
  2⤵
  PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads