3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5 | Triage

Analysis

max time kernel
137s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
03-07-2022 18:03

Sharing

Report Analysis Logs

General

Target

3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll
Size

207KB
MD5

a87641df2604d52fd9047e13dd89f63f
SHA1

a225f12977332cdbe151664789897982ac9adcd6
SHA256

3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5
SHA512

97c24072a7656e7095a97cbdcbf7aa2a0e47b774d22b3113e63d38b3426e08a84adfe779a832accafd9a5ddfca478cf0b5a0cf23f7547ba04d64e40061a0dd03

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3988 wrote to memory of 3840	3988	rundll32.exe	rundll32.exe
PID 3988 wrote to memory of 3840	3988	rundll32.exe	rundll32.exe
PID 3988 wrote to memory of 3840	3988	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3988

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll,#1
2⤵
PID:3840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3840-130-0x0000000000000000-mapping.dmp

Download