Analysis
-
max time kernel
91s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
01/12/2022, 15:33
General
-
Target
3f7db3e216345dda11e15ce01725167c5ae7b876ee55152fcae658c12e1c2fd7.dll
-
Size
52KB
-
MD5
8508866c0adb2b3191404b5a27e159b0
-
SHA1
5ca2299b2267271642de3e1f42f479822e304552
-
SHA256
3f7db3e216345dda11e15ce01725167c5ae7b876ee55152fcae658c12e1c2fd7
-
SHA512
e58a452de46543f40478c61f748720c58b8290e6efbbc9de9532d5eae1df8027a869a6b16d9789fb612e4fb8cd9bfa74f9a8bd36f7d6fe6fe6d20db51350c8d6
-
SSDEEP
768:UyOMccqi3TJq3kQMXrV/Jd8IqTjGqMW5B0QZhd+zPdCunTEDs6LLwhcL:Udbi3E3kvB/Jd89uQUzPdl/R+
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3f7db3e216345dda11e15ce01725167c5ae7b876ee55152fcae658c12e1c2fd7.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3f7db3e216345dda11e15ce01725167c5ae7b876ee55152fcae658c12e1c2fd7.dll,#12⤵
- Modifies registry class
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵