35fb9c449f6e3519cec59936e6fd9642b87372ce92d9ea6bc02c29264ada64d4 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 05:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

35fb9c449f6e3519cec59936e6fd9642b87372ce92d9ea6bc02c29264ada64d4.dll
Size

3KB
MD5

84b04bd14bd86a3e2778b2bf29408160
SHA1

0568e3414f4e74b265d6a39ab15b3d6cc012f074
SHA256

35fb9c449f6e3519cec59936e6fd9642b87372ce92d9ea6bc02c29264ada64d4
SHA512

7d9df5b400bdab6b7e9973a3d0a008e42c889fbcc86b75bee05b77c56d46a933ef0406a4d955ee84c8d170d285aa4f9e8c09201401f165d9148df1c73ccc7392

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35fb9c449f6e3519cec59936e6fd9642b87372ce92d9ea6bc02c29264ada64d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35fb9c449f6e3519cec59936e6fd9642b87372ce92d9ea6bc02c29264ada64d4.dll,#1
  2⤵
  PID:1172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1172-55-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download