5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325 | Triage

Analysis

max time kernel
52s
max time network
116s
platform
windows10_x64
resource
win10v20201028
submitted
13-11-2020 16:20

Sharing

Report Analysis Logs

General

Target

5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325.dll
Size

292KB
MD5

7d7b6cd4acba69cdc6c09b9ab7a4b011
SHA1

0c637be56edf93af5951b361f55c444bc54cd158
SHA256

5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325
SHA512

22d4668f0000649f7b13e8343b79eed9fa5d34080e0ab88941d1984edb70fc391fbd9504ee89f6f064bb8b031473e7c18db565e953dc98e85ccabf27e11c374f

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

Processes:

rundll32.exe

flow pid process

16 4780 rundll32.exe
18 4780 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4760 wrote to memory of 4780	4760	rundll32.exe	rundll32.exe
PID 4760 wrote to memory of 4780	4760	rundll32.exe	rundll32.exe
PID 4760 wrote to memory of 4780	4760	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4760

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325.dll,#1
2⤵
- Blocklisted process makes network request
PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4780-0-0x0000000000000000-mapping.dmp

Download