3de1fb0d1108907fd61d6d6b9a4c6b856af509e0af35578f158cfce5d634fe07 | Triage

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220331-en
submitted
12-04-2022 09:32

Sharing

Report Analysis Logs

General

Target

freebl3.dll
Size

326KB
MD5

ef2834ac4ee7d6724f255beaf527e635
SHA1

5be8c1e73a21b49f353c2ecfa4108e43a883cb7b
SHA256

a770ecba3b08bbabd0a567fc978e50615f8b346709f8eb3cfacf3faab24090ba
SHA512

c6ea0e4347cbd7ef5e80ae8c0afdca20ea23ac2bdd963361dfaf562a9aed58dcbc43f89dd826692a064d76c3f4b3e92361af7b79a6d16a75d9951591ae3544d2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3084 wrote to memory of 3244	3084	rundll32.exe	rundll32.exe
PID 3084 wrote to memory of 3244	3084	rundll32.exe	rundll32.exe
PID 3084 wrote to memory of 3244	3084	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freebl3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3084

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freebl3.dll,#1
2⤵
PID:3244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3244-124-0x0000000000000000-mapping.dmp

Download