a022d807e9772d518fe062e9bf5bf216684cbde33d14522c2df82847d5dadff1 | Triage

Analysis

max time kernel
38s
max time network
145s
platform
windows7_x64
resource
win7v20201028
submitted
13-01-2021 07:10

Sharing

Report Analysis Logs

General

Target

fc.dll
Size

275KB
MD5

a5637003d4c6675e0784fb2e07fd9f59
SHA1

26560361d47a0f9a4a2820dbee195c48fd886b95
SHA256

a022d807e9772d518fe062e9bf5bf216684cbde33d14522c2df82847d5dadff1
SHA512

205427c2330734718a5c3753981a096cf2db8b80a655a2b418906e37992834d7bdba3e29d60e26c234f8f45613975c011e6aeb3bf11aeaf63ec259440a79a151

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

5 1496 rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

1496 rundll32.exe
1496 rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1916 wrote to memory of 1496	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1496	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1496	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1496	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1496	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1496	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1496	1916	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/112-3-0x000007FEF6190000-0x000007FEF640A000-memory.dmp

Filesize
2.5MB

Download
memory/1496-2-0x0000000000000000-mapping.dmp

Download