f3c96d51cad0b0737f305bc6befd26e1e229a264c208f5c87d6fe4126529a6b7 | Triage

Analysis

max time kernel
14s
max time network
20s
platform
windows10_x64
resource
win10v20210408
submitted
21-04-2021 21:58

Sharing

Report Analysis Logs

General

Target

f3c96d51cad0b0737f305bc6befd26e1e229a264c208f5c87d6fe4126529a6b7.dll
Size

162KB
MD5

48a8fc19b7c05823c2d0e8773c322165
SHA1

fdbf70927d1841d78a56c048cc70870119586735
SHA256

f3c96d51cad0b0737f305bc6befd26e1e229a264c208f5c87d6fe4126529a6b7
SHA512

db1522a630004bba59001f9802989dce8f9b3591142c7223c5816793010cd53722897d928e399d6d80881433078924f9ab84c5c768ffd4989dc187e7a4a66c3f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 796 wrote to memory of 1160	796	rundll32.exe	rundll32.exe
PID 796 wrote to memory of 1160	796	rundll32.exe	rundll32.exe
PID 796 wrote to memory of 1160	796	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3c96d51cad0b0737f305bc6befd26e1e229a264c208f5c87d6fe4126529a6b7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:796

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3c96d51cad0b0737f305bc6befd26e1e229a264c208f5c87d6fe4126529a6b7.dll,#1
2⤵
PID:1160

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1160-114-0x0000000000000000-mapping.dmp

Download