3b4a12a9aeedc49fbd70a540aedb21e00672f436343c7555f795d67598502a32 | Triage

Analysis

max time kernel
4s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:41

Sharing

Report Analysis Logs

General

Target

3b4a12a9aeedc49fbd70a540aedb21e00672f436343c7555f795d67598502a32.dll
Size

236KB
MD5

026b3fb90348681aa4573256b97fb2d1
SHA1

872dcb020a087b1f428cf8db46c9150cd3845db1
SHA256

3b4a12a9aeedc49fbd70a540aedb21e00672f436343c7555f795d67598502a32
SHA512

16f68da961bd31eaca91d8bf4fbd23ff093e3fee8b95946036da18d1654be54fcce04be77f7e0fa1533aa0f62539b2bfe889c9a4243b2572c33c1f665db29ce5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 384 wrote to memory of 1860	384	rundll32.exe	rundll32.exe
PID 384 wrote to memory of 1860	384	rundll32.exe	rundll32.exe
PID 384 wrote to memory of 1860	384	rundll32.exe	rundll32.exe
PID 384 wrote to memory of 1860	384	rundll32.exe	rundll32.exe
PID 384 wrote to memory of 1860	384	rundll32.exe	rundll32.exe
PID 384 wrote to memory of 1860	384	rundll32.exe	rundll32.exe
PID 384 wrote to memory of 1860	384	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b4a12a9aeedc49fbd70a540aedb21e00672f436343c7555f795d67598502a32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b4a12a9aeedc49fbd70a540aedb21e00672f436343c7555f795d67598502a32.dll,#1
2⤵
PID:1860

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1860-2-0x0000000000000000-mapping.dmp

Download
memory/1860-3-0x0000000076241000-0x0000000076243000-memory.dmp

Filesize
8KB

Download