Analysis
- max time kernel: 13s
- max time network: 110s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 09-11-2020 03:38
Static task: static1
Behavioral task: behavioral1
- Sample: GBColorPickerSetup_226_6ut9g9biPckZb0_blomb.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: GBColorPickerSetup_226_6ut9g9biPckZb0_blomb.exe
- Resource: win10v20201028
Behavioral task: behavioral3
- Sample: mc&0.NET.dll
- Resource: win7v20201028
Behavioral task: behavioral4
- Sample: mc&0.NET.dll
- Resource: win10v20201028
General
- Target: mc&0.NET.dll
- Size: 503KB
- MD5: e598fdc5eac35445a2b2e09dd8fc63ad
- SHA1: 5b9ff066600c4488fb2b451c2dcf0e7c2e0e9159
- SHA256: 2ffd5f63216bc158679a94db12a927f051c92e9900cad7614d84b6e71fb9e947
- SHA512: 9565fee5adb5df5786026e08f2d3c29921e25d08e70436b69868a69544fd6b6b8290c494a532f254373061e622ae793ad63bc907f0b5e399cc74db35d6463969
Malware Config
Signatures
- Blacklisted process makes network request (2 IoCs)
  Processes (rundll32.exe):
  flow  pid   process
  8     1000  rundll32.exe
  13    1000  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (rundll32.exe):
  pid   process
  1000  rundll32.exe
  1000  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (rundll32.exe):
  description                      pid  process       target process
  PID 508 wrote to memory of 1000  508  rundll32.exe  rundll32.exe
  PID 508 wrote to memory of 1000  508  rundll32.exe  rundll32.exe
  PID 508 wrote to memory of 1000  508  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mc&0.NET.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\mc&0.NET.dll,#1
    - Blacklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
- memory/1000-0-0x0000000000000000-mapping.dmp