3509b02cb0a2babbddb6a8f51f998fc4175c709f2f8eea24125dd6d553caead3.bin.sample

General
Target

3509b02cb0a2babbddb6a8f51f998fc4175c709f2f8eea24125dd6d553caead3.bin.sample.dll

Filesize

8MB

Completed

10-07-2021 10:39

Score
1/10
MD5

fada1e4d584af359a688b0631d645f4a

SHA1

e95e15c225fb25d392282815165fb2dddc267435

SHA256

3509b02cb0a2babbddb6a8f51f998fc4175c709f2f8eea24125dd6d553caead3

Malware Config
Signatures 1


  • Suspicious use of WriteProcessMemory
    rundll32.exe

    Reported IOCs

    description                        pid   process       target process
    PID 3896 wrote to memory of 3212   3896  rundll32.exe  rundll32.exe
    PID 3896 wrote to memory of 3212   3896  rundll32.exe  rundll32.exe
    PID 3896 wrote to memory of 3212   3896  rundll32.exe  rundll32.exe
Processes 2
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3509b02cb0a2babbddb6a8f51f998fc4175c709f2f8eea24125dd6d553caead3.bin.sample.dll,#1
    Suspicious use of WriteProcessMemory
    PID:3896
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3509b02cb0a2babbddb6a8f51f998fc4175c709f2f8eea24125dd6d553caead3.bin.sample.dll,#1
      PID:3212
Network
MITRE ATT&CK Matrix
Downloads
  • memory/3212-114-0x0000000000000000-mapping.dmp