b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a | Triage

Analysis

max time kernel
21s
max time network
81s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 09:26

Sharing

Report Analysis Logs

General

Target

b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a.dll
Size

257KB
MD5

5932c1d8e10c2032f9d05da06d1ae299
SHA1

aef4c1c9496c034e17d5917f9754e61a4ba01306
SHA256

b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a
SHA512

55eecb201ff082a5ae1a644649931123e725a7621dd607da1a827d2309c4256adf735b5b42a64f4d078843e7d414aacfe8f3a61f478584afac1f1a222282cd68

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2664 wrote to memory of 3816	2664	rundll32.exe	rundll32.exe
PID 2664 wrote to memory of 3816	2664	rundll32.exe	rundll32.exe
PID 2664 wrote to memory of 3816	2664	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2664

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a.dll,#1
2⤵
PID:3816

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3816-130-0x0000000001F00000-0x0000000001F47000-memory.dmp

Filesize
284KB

Download