1a3fdfcb35b5811ea082bd308b0b1bf6dfdabbf527772ba1c6e69a7390e0b674 | Triage

Analysis

max time kernel
100s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
23-04-2022 14:43

Sharing

Report Analysis Logs

General

Target

freebl3.dll
Size

326KB
MD5

ef2834ac4ee7d6724f255beaf527e635
SHA1

5be8c1e73a21b49f353c2ecfa4108e43a883cb7b
SHA256

a770ecba3b08bbabd0a567fc978e50615f8b346709f8eb3cfacf3faab24090ba
SHA512

c6ea0e4347cbd7ef5e80ae8c0afdca20ea23ac2bdd963361dfaf562a9aed58dcbc43f89dd826692a064d76c3f4b3e92361af7b79a6d16a75d9951591ae3544d2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4900 wrote to memory of 1296	4900	rundll32.exe	rundll32.exe
PID 4900 wrote to memory of 1296	4900	rundll32.exe	rundll32.exe
PID 4900 wrote to memory of 1296	4900	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freebl3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freebl3.dll,#1
2⤵
PID:1296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1296-130-0x0000000000000000-mapping.dmp

Download