2b1e07c62c66075ca975467a87943b3df898aefc8cda21757c877a07f63e29ad | Triage

Analysis

max time kernel
11s
max time network
11s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:29

Sharing

Report Analysis Logs

General

Target

2b1e07c62c66075ca975467a87943b3df898aefc8cda21757c877a07f63e29ad.dll
Size

239KB
MD5

aad2e60b655022d1d355800b529ade62
SHA1

3b950ca66dbc8b2908d13bb5aa304088a3d032a2
SHA256

2b1e07c62c66075ca975467a87943b3df898aefc8cda21757c877a07f63e29ad
SHA512

2ed9843c3c32c0965ef7dffb4dd3b5a4f337bfd36878c9cdf97a2d5622d85b839386c97a34f3accf6b4c7bc0a45850cb7a6c719c793a6a8e2f5dfa25b2818a1b

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

14 1764 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

1764 rundll32.exe
1764 rundll32.exe
1764 rundll32.exe
1764 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1020 wrote to memory of 1764	1020	rundll32.exe	rundll32.exe
PID 1020 wrote to memory of 1764	1020	rundll32.exe	rundll32.exe
PID 1020 wrote to memory of 1764	1020	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b1e07c62c66075ca975467a87943b3df898aefc8cda21757c877a07f63e29ad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1020

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b1e07c62c66075ca975467a87943b3df898aefc8cda21757c877a07f63e29ad.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1764-2-0x0000000000000000-mapping.dmp

Download