Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 15:52

General

  • Target

    3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a.dll

  • Size

    87KB

  • MD5

    73106f02c701e7ac7d4539ab60ceebdc

  • SHA1

    2aa7a8cd1b925923af5486b0981bb1ef2f6ac4e6

  • SHA256

    3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a

  • SHA512

    0c7fd80106819ca4149fb67d5139742861d1139dfeb77925bd113ea7fc30a81fc90ea4a41451e9c0d3bfd83b75fd2627d88c0363d70abb42e5867869e09bd27d

  • SSDEEP

    1536:mjqjoQQLyIie3SCMDaaUyuMX1EFGg9lu3qZJQLDIwzDKrVHOmWSEZ9:VopLT/fMWaruMlEdbu3qZJQLDIwvKrpe

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a.dll,#1
      2⤵
        PID:3136

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3136-132-0x0000000000000000-mapping.dmp