35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6 | Triage

Analysis

max time kernel
5s
max time network
8s
platform
windows7_x64
resource
win7v20210410
submitted
13-05-2021 12:57

Sharing

Report Analysis Logs

General

Target

35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6.dll
Size

177KB
MD5

9df0a05a986b18d2f2c82f4d1e9293ae
SHA1

3c4927659ccd631a82e31afe0f667834e8e2987a
SHA256

35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6
SHA512

5263dbe6a7ea33fe03a1d443842085636d8466363b06f2970d524bec10a19b48536526dc8b6b4b3897cae69ddc5f1e852aaf5ea077217ec8e75fb0f3681ef89a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1996 wrote to memory of 2044	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 2044	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 2044	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 2044	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 2044	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 2044	1996	rundll32.exe	rundll32.exe
PID 1996 wrote to memory of 2044	1996	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6.dll,#1
2⤵
PID:2044

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-59-0x0000000000000000-mapping.dmp

Download
memory/2044-60-0x0000000075D41000-0x0000000075D43000-memory.dmp

Filesize
8KB

Download