6921f9d1760e91266b0dcd39a018e9179d67fbe2968e0b0fd4249cff32bd8ebb | Triage

Analysis

max time kernel
176s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 18:20

Sharing

Report Analysis Logs

General

Target

6921f9d1760e91266b0dcd39a018e9179d67fbe2968e0b0fd4249cff32bd8ebb.dll
Size

3KB
MD5

ea954ffd3471db09da4b1589c8626240
SHA1

cc72185955a06a7c1e11b1ca54ddd45bdd82afbe
SHA256

6921f9d1760e91266b0dcd39a018e9179d67fbe2968e0b0fd4249cff32bd8ebb
SHA512

bafbe5b7f3a59d4db4cef369b55228f241d67534e1b6c23521de27fa184892e02559933be07e36036b329e9f28e39831846c50133e3d2fa8599a90c67aa383e3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 1576	5020	rundll32.exe	83
PID 5020 wrote to memory of 1576	5020	rundll32.exe	83
PID 5020 wrote to memory of 1576	5020	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6921f9d1760e91266b0dcd39a018e9179d67fbe2968e0b0fd4249cff32bd8ebb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6921f9d1760e91266b0dcd39a018e9179d67fbe2968e0b0fd4249cff32bd8ebb.dll,#1
  2⤵
  PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads