3be6efe16808b17ceab22c919d78732ccd63b012a00aacb354f8ebfc1408c311 | Triage

Analysis

max time kernel
3s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
19-01-2022 05:00

Sharing

Report Analysis Logs

General

Target

3be6efe16808b17ceab22c919d78732ccd63b012a00aacb354f8ebfc1408c311.dll
Size

628KB
MD5

bb2dba09511b56a9e2b3ef9aa9ac7674
SHA1

020ef1abbffac027c7d187a5dd48c43affcf7e90
SHA256

3be6efe16808b17ceab22c919d78732ccd63b012a00aacb354f8ebfc1408c311
SHA512

240cce0518a5560553f808dcf0844045b34e25e164be3478d11f8650516ac18e06c1fd819aa310d3e8d7c504816d569e7742fb6473eaefd7d6596bbfb3c17f8a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1568 wrote to memory of 2184	1568	rundll32.exe	rundll32.exe
PID 1568 wrote to memory of 2184	1568	rundll32.exe	rundll32.exe
PID 1568 wrote to memory of 2184	1568	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3be6efe16808b17ceab22c919d78732ccd63b012a00aacb354f8ebfc1408c311.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1568

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3be6efe16808b17ceab22c919d78732ccd63b012a00aacb354f8ebfc1408c311.dll,#1
2⤵
PID:2184

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...