e3bfd105e4fed6d9b551b4604ee9b5f429f95f0a3ff9b86cfdc186a8f87110f0 | Triage

Analysis

max time kernel
112s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e3bfd105e4fed6d9b551b4604ee9b5f429f95f0a3ff9b86cfdc186a8f87110f0.dll
Size

4KB
MD5

29a9f4050ea5d2cff83db3b0e463acf0
SHA1

05581c6a7701322d56b7fc7f1ee227a7fbdff705
SHA256

e3bfd105e4fed6d9b551b4604ee9b5f429f95f0a3ff9b86cfdc186a8f87110f0
SHA512

88c4ce33dadc3dbf65eb17b4dfdb729b9a9b890e5fdd558271c26655bc0edc1d9feae729c6c8106361fa8c6574e6f510eca69f2310751ecfe2e4009c73e2ceef

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 636	3404	rundll32.exe	82
PID 3404 wrote to memory of 636	3404	rundll32.exe	82
PID 3404 wrote to memory of 636	3404	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3bfd105e4fed6d9b551b4604ee9b5f429f95f0a3ff9b86cfdc186a8f87110f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3bfd105e4fed6d9b551b4604ee9b5f429f95f0a3ff9b86cfdc186a8f87110f0.dll,#1
  2⤵
  PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads