0f3f411b1a0a21603718af7d9b42f00cfaed9187e29a2282c964c63029d44f26

General

Target: 0f3f411b1a0a21603718af7d9b42f00cfaed9187e29a2282c964c63029d44f26.dll
Filesize: 184KB
Completed: 23-02-2021 12:44
Score: 1/10
MD5: 65471b2f63dadbcc2175b5bf90c094e6
SHA1: a4736b0eaef5a29d6150146899302e3e6a07d8b9
SHA256: 0f3f411b1a0a21603718af7d9b42f00cfaed9187e29a2282c964c63029d44f26

Malware Config
Signatures 1

  • Suspicious use of WriteProcessMemory
    rundll32.exe

    Reported IOCs

    description                       pid   process       target process
    PID 1676 wrote to memory of 1492  1676  rundll32.exe  rundll32.exe
    PID 1676 wrote to memory of 1492  1676  rundll32.exe  rundll32.exe
    PID 1676 wrote to memory of 1492  1676  rundll32.exe  rundll32.exe
    PID 1676 wrote to memory of 1492  1676  rundll32.exe  rundll32.exe
    PID 1676 wrote to memory of 1492  1676  rundll32.exe  rundll32.exe
    PID 1676 wrote to memory of 1492  1676  rundll32.exe  rundll32.exe
    PID 1676 wrote to memory of 1492  1676  rundll32.exe  rundll32.exe
Processes 2
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f3f411b1a0a21603718af7d9b42f00cfaed9187e29a2282c964c63029d44f26.dll,#1
    Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f3f411b1a0a21603718af7d9b42f00cfaed9187e29a2282c964c63029d44f26.dll,#1
      PID:1492
Network
MITRE ATT&CK Matrix
  Collection
  Command and Control
  Credential Access
  Defense Evasion
  Discovery
  Execution
  Exfiltration
  Impact
  Initial Access
  Lateral Movement
  Persistence
  Privilege Escalation
Downloads
  • memory/1492-3-0x0000000075A41000-0x0000000075A43000-memory.dmp
  • memory/1492-2-0x0000000000000000-mapping.dmp