b9732e394fc1b9c9864e84f30f5becb996b7975c33e4c8fd24c89414c4a35d29 | Triage

Analysis

max time kernel
17s
max time network
26s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:30

Sharing

Report Analysis Logs

General

Target

b9732e394fc1b9c9864e84f30f5becb996b7975c33e4c8fd24c89414c4a35d29.dll
Size

269KB
MD5

c101aad04c82d2031d60c75de080527b
SHA1

0e97244b9261e86f072f151bd82361265183a41d
SHA256

b9732e394fc1b9c9864e84f30f5becb996b7975c33e4c8fd24c89414c4a35d29
SHA512

968f2627e7b2838d2c535ee75e8037336a1d0117a6ef90db6d80b8efd307f96e1a1844575df59c340e387d945043c23d5560113feee7e236e73bd354224b16ef

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

20 1672 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

1672 rundll32.exe
1672 rundll32.exe
1672 rundll32.exe
1672 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 816 wrote to memory of 1672	816	rundll32.exe	rundll32.exe
PID 816 wrote to memory of 1672	816	rundll32.exe	rundll32.exe
PID 816 wrote to memory of 1672	816	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9732e394fc1b9c9864e84f30f5becb996b7975c33e4c8fd24c89414c4a35d29.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:816

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9732e394fc1b9c9864e84f30f5becb996b7975c33e4c8fd24c89414c4a35d29.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1672-2-0x0000000000000000-mapping.dmp

Download