Analysis
- max time kernel: 11s
- max time network: 11s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 13-01-2021 07:29
Static task
static1
Behavioral task
behavioral1
Sample
2b1e07c62c66075ca975467a87943b3df898aefc8cda21757c877a07f63e29ad.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: 2b1e07c62c66075ca975467a87943b3df898aefc8cda21757c877a07f63e29ad.dll
- Size: 239KB
- MD5: aad2e60b655022d1d355800b529ade62
- SHA1: 3b950ca66dbc8b2908d13bb5aa304088a3d032a2
- SHA256: 2b1e07c62c66075ca975467a87943b3df898aefc8cda21757c877a07f63e29ad
- SHA512: 2ed9843c3c32c0965ef7dffb4dd3b5a4f337bfd36878c9cdf97a2d5622d85b839386c97a34f3accf6b4c7bc0a45850cb7a6c719c793a6a8e2f5dfa25b2818a1b
Score
8/10
Malware Config
Signatures
- Blocklisted process makes network request (1 IoCs)
  Processes: rundll32.exe
    flow   pid    process
    14     1764   rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: rundll32.exe
    pid    process
    1764   rundll32.exe
    1764   rundll32.exe
    1764   rundll32.exe
    1764   rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
    description                        pid    process        target process
    PID 1020 wrote to memory of 1764   1020   rundll32.exe   rundll32.exe
    PID 1020 wrote to memory of 1764   1020   rundll32.exe   rundll32.exe
    PID 1020 wrote to memory of 1764   1020   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b1e07c62c66075ca975467a87943b3df898aefc8cda21757c877a07f63e29ad.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1020
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b1e07c62c66075ca975467a87943b3df898aefc8cda21757c877a07f63e29ad.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
    PID:1764
Network
MITRE ATT&CK Matrix
Downloads
- memory/1764-2-0x0000000000000000-mapping.dmp