a022d807e9772d518fe062e9bf5bf216684cbde33d14522c2df82847d5dadff1 | Triage

Analysis

max time kernel
22s
max time network
131s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:10

Sharing

Report Analysis Logs

General

Target

fc.dll
Size

275KB
MD5

a5637003d4c6675e0784fb2e07fd9f59
SHA1

26560361d47a0f9a4a2820dbee195c48fd886b95
SHA256

a022d807e9772d518fe062e9bf5bf216684cbde33d14522c2df82847d5dadff1
SHA512

205427c2330734718a5c3753981a096cf2db8b80a655a2b418906e37992834d7bdba3e29d60e26c234f8f45613975c011e6aeb3bf11aeaf63ec259440a79a151

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

18 4764 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

4764 rundll32.exe
4764 rundll32.exe
4764 rundll32.exe
4764 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4700 wrote to memory of 4764	4700	rundll32.exe	rundll32.exe
PID 4700 wrote to memory of 4764	4700	rundll32.exe	rundll32.exe
PID 4700 wrote to memory of 4764	4700	rundll32.exe	rundll32.exe

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:4764

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4764-2-0x0000000000000000-mapping.dmp

Download