3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc | Triage

Analysis

max time kernel
90s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-07-2022 02:41

Sharing

Report Analysis Logs

General

Target

3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc.dll
Size

146KB
MD5

e74c3bdd43f79a329239e9680336dafb
SHA1

8eef521c52eb819c066ae097f33ebd0dee43114a
SHA256

3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc
SHA512

18a62bf4678e63600a568202990d9f736e7ce46f305895bd94cde6be522a8c480762050944ec7767a39d865972a478e3a2bb31c22e9782630d99cc34c3b19564

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 752	4080	rundll32.exe	81
PID 4080 wrote to memory of 752	4080	rundll32.exe	81
PID 4080 wrote to memory of 752	4080	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc.dll,#1
  2⤵
  PID:752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads