b9732e394fc1b9c9864e84f30f5becb996b7975c33e4c8fd24c89414c4a35d29

Analysis

Target

b9732e394fc1b9c9864e84f30f5becb996b7975c33e4c8fd24c89414c4a35d29.dll
Size

269KB
MD5

c101aad04c82d2031d60c75de080527b
SHA1

0e97244b9261e86f072f151bd82361265183a41d
SHA256

b9732e394fc1b9c9864e84f30f5becb996b7975c33e4c8fd24c89414c4a35d29
SHA512

968f2627e7b2838d2c535ee75e8037336a1d0117a6ef90db6d80b8efd307f96e1a1844575df59c340e387d945043c23d5560113feee7e236e73bd354224b16ef

Score

8^/10

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

20 1672 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

1672 rundll32.exe
1672 rundll32.exe
1672 rundll32.exe
1672 rundll32.exe

flow	pid	process
20	1672	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 816 wrote to memory of 1672	816	rundll32.exe	rundll32.exe
PID 816 wrote to memory of 1672	816	rundll32.exe	rundll32.exe
PID 816 wrote to memory of 1672	816	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9732e394fc1b9c9864e84f30f5becb996b7975c33e4c8fd24c89414c4a35d29.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9732e394fc1b9c9864e84f30f5becb996b7975c33e4c8fd24c89414c4a35d29.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:1672