d777b797eca94ab48c10dd972009d28a3a1a9f01133fa156426e065657832527 | Triage

Analysis

max time kernel
101s
max time network
103s
platform
windows10_x64
resource
win10v20210408
submitted
05-10-2021 08:21

Sharing

Report Analysis Logs

General

Target

2d70000.dll
Size

54KB
MD5

b5a2d5064a0ef3b55ffe1b95b3e4731e
SHA1

4f3ee422c7482cf326f56baaecb42c723ef74581
SHA256

d777b797eca94ab48c10dd972009d28a3a1a9f01133fa156426e065657832527
SHA512

66b841e63b1b8a48904c77eaa144b4eff7f587ac3c4fa09833d529e039e1a01cfd8b196ee8dd0c4d08ee77072e0fe36a10e9029f5c515de1014232f019e1efa6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4796 wrote to memory of 4812	4796	rundll32.exe	rundll32.exe
PID 4796 wrote to memory of 4812	4796	rundll32.exe	rundll32.exe
PID 4796 wrote to memory of 4812	4796	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d70000.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4796

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d70000.dll,#1
2⤵
PID:4812

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4812-114-0x0000000000000000-mapping.dmp

Download