Analysis
- max time kernel: 18s
- max time network: 28s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 13-01-2021 07:30
Static task
static1
Behavioral task
behavioral1
Sample
ffe2b967c25a7c94516d496fa5372f95b1e6144356afdc6011a6a0fae6869971.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: ffe2b967c25a7c94516d496fa5372f95b1e6144356afdc6011a6a0fae6869971.dll
- Size: 269KB
- MD5: 27aaa65c4b59bc6ff6c9c1a01232f9f1
- SHA1: 44c5a9d5d7f55b342840cdff2312bf053851735b
- SHA256: ffe2b967c25a7c94516d496fa5372f95b1e6144356afdc6011a6a0fae6869971
- SHA512: 7d74adc55071703115cc2d3d19f105b51803ca65ef85280caa4c181fab76386b658385304e8e9f8467429da0607b24d1764323ed4c583f271353c4543ec75e95
Score
8/10
Malware Config
Signatures
- Blocklisted process makes network request (1 IoCs)
  Processes: rundll32.exe
    flow  pid  process
    17    396  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: rundll32.exe
    pid  process
    396  rundll32.exe
    396  rundll32.exe
    396  rundll32.exe
    396  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
    description                     pid  process       target process
    PID 648 wrote to memory of 396  648  rundll32.exe  rundll32.exe
    PID 648 wrote to memory of 396  648  rundll32.exe  rundll32.exe
    PID 648 wrote to memory of 396  648  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffe2b967c25a7c94516d496fa5372f95b1e6144356afdc6011a6a0fae6869971.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffe2b967c25a7c94516d496fa5372f95b1e6144356afdc6011a6a0fae6869971.dll,#12
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID: 396
Network
MITRE ATT&CK Matrix
Downloads
- memory/396-2-0x0000000000000000-mapping.dmp