5586765852943b5d8bc647bfeaebf0fb5894b5fd5839b749cb8d41068d22aebe

Analysis

max time kernel
3s
max time network
5s
platform
windows10_x64
resource
win10v20210408
submitted
29-08-2021 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3.dll
Size

38KB
MD5

8ca2c9564335afda47c143bf9342df82
SHA1

414b57313341832f875133db8f4e5a43059546c8
SHA256

5586765852943b5d8bc647bfeaebf0fb5894b5fd5839b749cb8d41068d22aebe
SHA512

7f210454015fcced266fae77c2da3bea740ee91800fa49b4e5f242ae854ea386758dcb29ff96538b3d424e9a4c198c067683a243bc7aae3bc06c1413b85f4e66

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 45 IoCs

description	pid	Process
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe
PID 4016 set thread context of 0	4016	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4016	rundll32.exe
4016	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3.dll,#1
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:4016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4016-114-0x000002058ADD0000-0x000002058B384000-memory.dmp

Filesize
5.7MB

Download
memory/4016-116-0x000002058AC30000-0x000002058AC31000-memory.dmp

Filesize
4KB

Download
memory/4016-115-0x000002058AC20000-0x000002058AC21000-memory.dmp

Filesize
4KB

Download
memory/4016-117-0x000002058AC40000-0x000002058AC41000-memory.dmp

Filesize
4KB

Download
memory/4016-118-0x000002058AC50000-0x000002058AC51000-memory.dmp

Filesize
4KB

Download
memory/4016-119-0x000002058AC60000-0x000002058AC61000-memory.dmp

Filesize
4KB

Download
memory/4016-121-0x000002058AC80000-0x000002058AC81000-memory.dmp

Filesize
4KB

Download
memory/4016-122-0x000002058B390000-0x000002058B391000-memory.dmp

Filesize
4KB

Download
memory/4016-120-0x000002058AC70000-0x000002058AC71000-memory.dmp

Filesize
4KB

Download
memory/4016-123-0x000002058B3A0000-0x000002058B3A1000-memory.dmp

Filesize
4KB

Download
memory/4016-124-0x000002058B3B0000-0x000002058B3B1000-memory.dmp

Filesize
4KB

Download
memory/4016-125-0x000002058B3C0000-0x000002058B3C1000-memory.dmp

Filesize
4KB

Download