27dd13f1594175d1084205aea35467b025be2f0616fbf9dcd1b13bddc970640c | Triage

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7v20201028
submitted
08-04-2021 05:20

Sharing

Report Analysis Logs

General

Target

F3BICLLB.dll.694C9C0C_64EF_4653_AE1B_D65BADBFFC87.dll
Size

114KB
MD5

97712ccfdb5654e6f095fb9642c1ab1d
SHA1

dc29b38e915134013b3c8b6ece0f5d17fc07fd9d
SHA256

53932e80c4f4b391e7865e15fa68a3b036ca62fbf3b04c81d9ef53b8aab25ecc
SHA512

997d99a6f3e5f3c2b8c03ab4896f51bc240e33300223909f5df4db63945033909aecb4f41c53b666ea612e44de7cb01bdbb08cb72f68959c4132d92824af56c1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1100 wrote to memory of 2012	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 2012	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 2012	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 2012	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 2012	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 2012	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 2012	1100	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\F3BICLLB.dll.694C9C0C_64EF_4653_AE1B_D65BADBFFC87.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1100

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\F3BICLLB.dll.694C9C0C_64EF_4653_AE1B_D65BADBFFC87.dll,#1
2⤵
PID:2012

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-2-0x0000000000000000-mapping.dmp

Download
memory/2012-3-0x00000000760C1000-0x00000000760C3000-memory.dmp

Filesize
8KB

Download