d01e2855e1ec680ec524223de287fcdae55b6e5bcf6fd75b29323291ed3f38b9 | Triage

Analysis

max time kernel
65s
max time network
117s
platform
windows10_x64
resource
win10
submitted
28-07-2020 18:47

Sharing

Report Analysis Logs

General

Target

main.theme.dll
Size

208KB
MD5

487cdcaa16a8ebe4ab73b306c6f23484
SHA1

2d872295540c0941b79b16582766decf1d2a77de
SHA256

d01e2855e1ec680ec524223de287fcdae55b6e5bcf6fd75b29323291ed3f38b9
SHA512

af1cc9f4c9d27c9cee78f0b43708c647bb352f6b318a120eeb1711674cd82fb8911f4db6ca0f6979e96f255aa8da53e089b0afbda58c4dd8394b9472a38a51e4

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 3660	3588	rundll32.exe	67
PID 3588 wrote to memory of 3660	3588	rundll32.exe	67
PID 3588 wrote to memory of 3660	3588	rundll32.exe	67

Blacklisted process makes network request 5 IoCs

flow	pid	Process
4	3660	rundll32.exe
6	3660	rundll32.exe
8	3660	rundll32.exe
10	3660	rundll32.exe
12	3660	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3660	rundll32.exe
3660	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\main.theme.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\main.theme.dll,#1
  2⤵
  - Blacklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:3660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads