Analysis
max time kernel
21s
max time network
81s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 09:26
Static task
static1
Behavioral task
behavioral1
Sample
b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
Target
b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a.dll
Size
257KB
MD5
5932c1d8e10c2032f9d05da06d1ae299
SHA1
aef4c1c9496c034e17d5917f9754e61a4ba01306
SHA256
b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a
SHA512
55eecb201ff082a5ae1a644649931123e725a7621dd607da1a827d2309c4256adf735b5b42a64f4d078843e7d414aacfe8f3a61f478584afac1f1a222282cd68
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2664 wrote to memory of 3816 | 2664 | rundll32.exe | rundll32.exe
PID 2664 wrote to memory of 3816 | 2664 | rundll32.exe | rundll32.exe
PID 2664 wrote to memory of 3816 | 2664 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3cb381f114ec9c163335509a217bbe1c6baa8d2cf5655b5ff84fd8d0a28dc9a.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
memory/3816-130-0x0000000001F00000-0x0000000001F47000-memory.dmp
Filesize
284KB