749b240a2714d8da17ead121202f9c6d574b1520038aaa2adcbd458aac3f376a | Triage

Analysis

max time kernel
14s
max time network
16s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:30

Sharing

Report Analysis Logs

General

Target

749b240a2714d8da17ead121202f9c6d574b1520038aaa2adcbd458aac3f376a.dll
Size

239KB
MD5

ae1c1c7806d174b99d273ba4a35387e7
SHA1

7b252d231e867838d45403e64deac976bff31db7
SHA256

749b240a2714d8da17ead121202f9c6d574b1520038aaa2adcbd458aac3f376a
SHA512

e2168d6c611df7cfdcf8b422c3bf5ef8ca8053e0dc291ca9dba30b54201022d8276b928b15a1787c5d99cae3517e6d881d694d0e84797c54dc30297fcb959baf

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

16 804 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

804 rundll32.exe
804 rundll32.exe
804 rundll32.exe
804 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 500 wrote to memory of 804	500	rundll32.exe	rundll32.exe
PID 500 wrote to memory of 804	500	rundll32.exe	rundll32.exe
PID 500 wrote to memory of 804	500	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\749b240a2714d8da17ead121202f9c6d574b1520038aaa2adcbd458aac3f376a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:500

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\749b240a2714d8da17ead121202f9c6d574b1520038aaa2adcbd458aac3f376a.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/804-2-0x0000000000000000-mapping.dmp

Download