35cb445c62d18a9e15707bf87a68d1f44e350f06afbe91020c140712dbd06d5b | Triage

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 02:06

Sharing

Report Analysis Logs

General

Target

35cb445c62d18a9e15707bf87a68d1f44e350f06afbe91020c140712dbd06d5b.dll
Size

3KB
MD5

2c4b10d207fa3a255e42c3d3c583580c
SHA1

58bfa985f05eff10f691e1813061f8bbdd6fe2f3
SHA256

35cb445c62d18a9e15707bf87a68d1f44e350f06afbe91020c140712dbd06d5b
SHA512

70e2fe3b78eb02d7add231faeb5d1eea14b4ae29eaeeae38187b7b93c3826631fbdd0aca3349af4355d96d9bc17858c11b8c34a4cf04193eefd00f349ab244f6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35cb445c62d18a9e15707bf87a68d1f44e350f06afbe91020c140712dbd06d5b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35cb445c62d18a9e15707bf87a68d1f44e350f06afbe91020c140712dbd06d5b.dll,#1
  2⤵
  PID:1416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1416-55-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download