bd3511db489e06a09cbe3f91ef7ef8f5ada5e39b0ade781f744896dd46bef213 | Triage

Analysis

max time kernel
3s
max time network
14s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
18-01-2022 21:18

Sharing

Report Analysis Logs

General

Target

bd3511db489e06a09cbe3f91ef7ef8f5ada5e39b0ade781f744896dd46bef213.dll
Size

630KB
MD5

40c4c9f214b47e21fd9632c4f1d35900
SHA1

7c8ac3aa2e4312a7d6323f46cbe6f619fc61124d
SHA256

bd3511db489e06a09cbe3f91ef7ef8f5ada5e39b0ade781f744896dd46bef213
SHA512

cb68a118692cd6f8b9875b8d83c600b705438d729550e99c6c3791b017e3e19b08cc66bedcaaa8db58b6af062ef7a7a05da9427906d24d9db685329c5ff369fe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2312 wrote to memory of 3936	2312	rundll32.exe	rundll32.exe
PID 2312 wrote to memory of 3936	2312	rundll32.exe	rundll32.exe
PID 2312 wrote to memory of 3936	2312	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd3511db489e06a09cbe3f91ef7ef8f5ada5e39b0ade781f744896dd46bef213.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2312

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd3511db489e06a09cbe3f91ef7ef8f5ada5e39b0ade781f744896dd46bef213.dll,#1
2⤵
PID:3936

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...