3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5 | Triage

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 18:03

Sharing

Report Analysis Logs

General

Target

3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll
Size

207KB
MD5

a87641df2604d52fd9047e13dd89f63f
SHA1

a225f12977332cdbe151664789897982ac9adcd6
SHA256

3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5
SHA512

97c24072a7656e7095a97cbdcbf7aa2a0e47b774d22b3113e63d38b3426e08a84adfe779a832accafd9a5ddfca478cf0b5a0cf23f7547ba04d64e40061a0dd03

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 780 wrote to memory of 908	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 908	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 908	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 908	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 908	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 908	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 908	780	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:780

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll,#1
2⤵
PID:908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/908-54-0x0000000000000000-mapping.dmp

Download
memory/908-55-0x0000000076531000-0x0000000076533000-memory.dmp

Filesize
8KB

Download