dc0266804bd2bfc83109152fef734d54f7a7d0c09487096a368ae45518d2ca13 | Triage

Analysis

max time kernel
68s
max time network
117s
platform
windows10_x64
resource
win10
submitted
24-08-2020 02:16

Sharing

Report Analysis Logs

General

Target

dc0266804bd2bfc83109152fef734d54f7a7d0c09487096a368ae45518d2ca13.bin.dll
Size

351KB
MD5

d52a2deeb2043e99d02fe19538991c38
SHA1

e9c7b92d3ff73b682ef23caf94ea0903ea095268
SHA256

dc0266804bd2bfc83109152fef734d54f7a7d0c09487096a368ae45518d2ca13
SHA512

efedb8fd9614e15ce563ae9768a7b895f928974a606faa8225fd03e5aa5eb65d0c509fd664f8ff6214b30b0f0ac9ad0080ce207eeef032badee2f87ec3472ab2

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3048	rundll32.exe
3048	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 3048	3608	rundll32.exe	67
PID 3608 wrote to memory of 3048	3608	rundll32.exe	67
PID 3608 wrote to memory of 3048	3608	rundll32.exe	67

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc0266804bd2bfc83109152fef734d54f7a7d0c09487096a368ae45518d2ca13.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc0266804bd2bfc83109152fef734d54f7a7d0c09487096a368ae45518d2ca13.bin.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads