6634cfe724ff63549cf2ecd6828c65bcf8ad27ff72b31b4824cf2898cb4dc056 | Triage

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6634cfe724ff63549cf2ecd6828c65bcf8ad27ff72b31b4824cf2898cb4dc056.dll
Size

4KB
MD5

a15e0e10e3f5f3c1ecc56efde2c94800
SHA1

f1a03989b8825db141b8c4cf89e86107b044d4a9
SHA256

6634cfe724ff63549cf2ecd6828c65bcf8ad27ff72b31b4824cf2898cb4dc056
SHA512

1a83404444e3f76bea9c25bf59195eaaaeb14f7e506c50bc8f7c4385284ecf3b48542c8db307ae0e7e6c9239e031f4796a6072ccf279ce795a8677805c11afaf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 3444	1724	rundll32.exe	81
PID 1724 wrote to memory of 3444	1724	rundll32.exe	81
PID 1724 wrote to memory of 3444	1724	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6634cfe724ff63549cf2ecd6828c65bcf8ad27ff72b31b4824cf2898cb4dc056.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6634cfe724ff63549cf2ecd6828c65bcf8ad27ff72b31b4824cf2898cb4dc056.dll,#1
  2⤵
  PID:3444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads