075b78459c3f99506ea66ec9612ec92593773417d754d321d516f561eac20983 | Triage

Analysis

max time kernel
142s
max time network
65s
platform
windows10_x64
resource
win10v200430
submitted
15/07/2020, 16:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

puom3.cab.dll
Size

196KB
MD5

3867cc46f787f778440e8b07a0d3b062
SHA1

fbaac347184f593f24ecf2a3d98f9ec58042b394
SHA256

075b78459c3f99506ea66ec9612ec92593773417d754d321d516f561eac20983
SHA512

b3b07bfe781de13b7ebf1d1827cf15e60d62ac3708c894417d3fdbdcbac3e0b7133f8d5ea5af4efc2ef594d4e10a77066db9e08f8343b5e4397f1e945c0f54fc

Score

8^/10

Malware Config

Signatures

Blacklisted process makes network request 4 IoCs

flow	pid	Process
6	2000	rundll32.exe
8	2000	rundll32.exe
12	2000	rundll32.exe
14	2000	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2000	rundll32.exe
2000	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4004 wrote to memory of 2000	4004	rundll32.exe	66
PID 4004 wrote to memory of 2000	4004	rundll32.exe	66
PID 4004 wrote to memory of 2000	4004	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\puom3.cab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\puom3.cab.dll,#1
  2⤵
  - Blacklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads