35c75094eea47858d37e8b0b757875fdfd4cae348819a9fd3bcf82650e88b609 | Triage

Analysis

max time kernel
8s
max time network
12s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
21-01-2022 01:00

Sharing

Report Analysis Logs

General

Target

35c75094eea47858d37e8b0b757875fdfd4cae348819a9fd3bcf82650e88b609.dll
Size

628KB
MD5

1f30c07b56800bc5e058ee277f43aaa6
SHA1

cab55efefe63f1179127dddc62bd35cedcdf1dd2
SHA256

35c75094eea47858d37e8b0b757875fdfd4cae348819a9fd3bcf82650e88b609
SHA512

945f0b0755dc995222fe864164536795c0e5068c14cc2ad78b851e6447378b2cc1695e0e953faeed5b5ebccf6a9a9840c36beb48808d6aae2a8ab90c043b293a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3668 wrote to memory of 2168	3668	rundll32.exe	rundll32.exe
PID 3668 wrote to memory of 2168	3668	rundll32.exe	rundll32.exe
PID 3668 wrote to memory of 2168	3668	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35c75094eea47858d37e8b0b757875fdfd4cae348819a9fd3bcf82650e88b609.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35c75094eea47858d37e8b0b757875fdfd4cae348819a9fd3bcf82650e88b609.dll,#1
2⤵
PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...