ad35c06971a5ee8855624783b39621425307dce3fab877acc3ef4b82d2c1814c | Triage

Analysis

max time kernel
148s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 18:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ad35c06971a5ee8855624783b39621425307dce3fab877acc3ef4b82d2c1814c.dll
Size

3KB
MD5

fee899e78ed9770c8798fc5a815cc926
SHA1

a657588fb9b821f9a7f859f8673650c1b8fdeac6
SHA256

ad35c06971a5ee8855624783b39621425307dce3fab877acc3ef4b82d2c1814c
SHA512

2d3ccd1d8302582501aeca8f5e0aed4b9ffd219b944ad46de892517fdc2987d0cde1db5f713410cd0566920eabc9d8f7fc8ce96995579a0b988a1675d3b96e1f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 1532	4536	rundll32.exe	80
PID 4536 wrote to memory of 1532	4536	rundll32.exe	80
PID 4536 wrote to memory of 1532	4536	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad35c06971a5ee8855624783b39621425307dce3fab877acc3ef4b82d2c1814c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad35c06971a5ee8855624783b39621425307dce3fab877acc3ef4b82d2c1814c.dll,#1
  2⤵
  PID:1532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads