1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49 | Triage

Analysis

max time kernel
8s
max time network
14s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
20-01-2022 05:00

Sharing

Report Analysis Logs

General

Target

1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49.dll
Size

628KB
MD5

e3639b7a074b4349f96e9dcf59c22cde
SHA1

36ebed9ab3e530752a49658f76cf6c26bbebbd97
SHA256

1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49
SHA512

49042451af9bc8bc383bc9eff248447fda7c0437941a1e6f2a97276d9d9aee464045423e594084fb4865e997a7f5db82baf066244faf94e1e24f74a6cfc45083

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3152 wrote to memory of 1696	3152	rundll32.exe	rundll32.exe
PID 3152 wrote to memory of 1696	3152	rundll32.exe	rundll32.exe
PID 3152 wrote to memory of 1696	3152	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3152

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49.dll,#1
2⤵
PID:1696

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...