bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243 | Triage

Analysis

max time kernel
77s
max time network
139s
platform
windows10_x64
resource
win10v20201028
submitted
15-11-2020 22:50

Sharing

Report Analysis Logs

General

Target

bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243.dll
Size

143KB
MD5

182b0a54d9e36db914beb8aa2cbe1d3b
SHA1

cba997f9290dd8f8d0a6d0e5c538834fbf195e8b
SHA256

bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243
SHA512

009409f3e683e95fc07031ef0d951a501db02579a211630c225af65ca86864a1f11affaa97f41a3b299d671e18dc46baae13cf4c39cd3831e484ceabceb89495

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

Processes:

rundll32.exe

flow pid process

19 3456 rundll32.exe
21 3456 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3944 wrote to memory of 3456	3944	rundll32.exe	rundll32.exe
PID 3944 wrote to memory of 3456	3944	rundll32.exe	rundll32.exe
PID 3944 wrote to memory of 3456	3944	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3944

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243.dll,#1
2⤵
- Blocklisted process makes network request
PID:3456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3456-0-0x0000000000000000-mapping.dmp

Download