3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0 | Triage

Analysis

max time kernel
125s
max time network
125s
platform
windows10_x64
resource
win10-en-20211014
submitted
26-10-2021 14:22

Sharing

Report Analysis Logs

General

Target

3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0.bin.dll
Size

54KB
MD5

54ce84a286edaa47770e16d28b2f6d4c
SHA1

2b1fa03645cb1a5488ba8196389a1c899c48231e
SHA256

3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0
SHA512

bfc30ce682a5f0a2b31ab27d52b3119b8d35f5a888ca71c5b179e573c9be9aed1b78ce70730e9e4b28d97b8e649357e7f7d5cf946cd0b157445e8218cb460ef2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2640 wrote to memory of 2700	2640	rundll32.exe	rundll32.exe
PID 2640 wrote to memory of 2700	2640	rundll32.exe	rundll32.exe
PID 2640 wrote to memory of 2700	2640	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2640

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0.bin.dll,#1
2⤵
PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2700-115-0x0000000000000000-mapping.dmp

Download