3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2 | Triage

Analysis

max time kernel
114s
max time network
134s
platform
windows10_x64
resource
win10v20201028
submitted
15-11-2020 22:48

Sharing

Report Analysis Logs

General

Target

3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll
Size

207KB
MD5

e339ab39ffb074a3bf0948aad93b0dfd
SHA1

c763dcef46812d14c3268b8e351e58419c420550
SHA256

3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2
SHA512

d719d6579f05ada64e14a08c0e2f349d423d9730e796ed5e617abb92a4797de8f0aa1c6c233a60a7592a45508d2485b6cf57500deca94966da575d72dcf630c1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3304 wrote to memory of 636	3304	rundll32.exe	rundll32.exe
PID 3304 wrote to memory of 636	3304	rundll32.exe	rundll32.exe
PID 3304 wrote to memory of 636	3304	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3304

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll,#1
2⤵
PID:636

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/636-0-0x0000000000000000-mapping.dmp

Download