1a3fdfcb35b5811ea082bd308b0b1bf6dfdabbf527772ba1c6e69a7390e0b674 | Triage

Analysis

max time kernel
30s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-06-2022 08:43

Sharing

Report Analysis Logs

General

Target

freebl3.dll
Size

326KB
MD5

ef2834ac4ee7d6724f255beaf527e635
SHA1

5be8c1e73a21b49f353c2ecfa4108e43a883cb7b
SHA256

a770ecba3b08bbabd0a567fc978e50615f8b346709f8eb3cfacf3faab24090ba
SHA512

c6ea0e4347cbd7ef5e80ae8c0afdca20ea23ac2bdd963361dfaf562a9aed58dcbc43f89dd826692a064d76c3f4b3e92361af7b79a6d16a75d9951591ae3544d2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1648 wrote to memory of 1192	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1192	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1192	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1192	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1192	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1192	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1192	1648	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freebl3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freebl3.dll,#1
2⤵
PID:1192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1192-54-0x0000000000000000-mapping.dmp

Download
memory/1192-55-0x0000000075361000-0x0000000075363000-memory.dmp

Filesize
8KB

Download