3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a | Triage

Analysis

max time kernel
137s
max time network
217s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
03-07-2022 16:17

Sharing

Report Analysis Logs

General

Target

3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll
Size

207KB
MD5

b6c818d69ff341e4bb49e5fc84ce1430
SHA1

f9f6e346bfd22be381fdbbeec16a0a99343072f3
SHA256

3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a
SHA512

f7a1cdbfe76fdaa9e008077e8e5a873e7b444effcadfee8c491948c62b437ffac008c545f3327b4624ba5aa12e97cea231c4f9b09827194dbab20a3b6aba714c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4084 wrote to memory of 1044	4084	rundll32.exe	rundll32.exe
PID 4084 wrote to memory of 1044	4084	rundll32.exe	rundll32.exe
PID 4084 wrote to memory of 1044	4084	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4084

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll,#1
2⤵
PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-131-0x0000000000000000-mapping.dmp

Download