35823106288275adb9d1bd4bc25f08d8c1b8803540b8d8b2040b8098a1450ace.bin.sample

General
Target

35823106288275adb9d1bd4bc25f08d8c1b8803540b8d8b2040b8098a1450ace.bin.sample.dll

Filesize

8MB

Completed

10-07-2021 10:38

Score
1/10
MD5

d312c332180ca2fbc961dbe7557690de

SHA1

115a5a6c3b8e40d3abca0e99dd355141ef7a35ba

SHA256

35823106288275adb9d1bd4bc25f08d8c1b8803540b8d8b2040b8098a1450ace

Malware Config
Signatures 1

  • Suspicious use of WriteProcessMemory
    rundll32.exe

    Reported IOCs

    description                        pid    process        target process
    PID 1496 wrote to memory of 3832   1496   rundll32.exe   rundll32.exe
    PID 1496 wrote to memory of 3832   1496   rundll32.exe   rundll32.exe
    PID 1496 wrote to memory of 3832   1496   rundll32.exe   rundll32.exe
Processes 2
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\35823106288275adb9d1bd4bc25f08d8c1b8803540b8d8b2040b8098a1450ace.bin.sample.dll,#1
    Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\35823106288275adb9d1bd4bc25f08d8c1b8803540b8d8b2040b8098a1450ace.bin.sample.dll,#1
      PID:3832
Network
MITRE ATT&CK Matrix
  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation
Downloads
  • memory/3832-114-0x0000000000000000-mapping.dmp