ffe2b967c25a7c94516d496fa5372f95b1e6144356afdc6011a6a0fae6869971 | Triage

Analysis

max time kernel
18s
max time network
28s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:30

Sharing

Report Analysis Logs

General

Target

ffe2b967c25a7c94516d496fa5372f95b1e6144356afdc6011a6a0fae6869971.dll
Size

269KB
MD5

27aaa65c4b59bc6ff6c9c1a01232f9f1
SHA1

44c5a9d5d7f55b342840cdff2312bf053851735b
SHA256

ffe2b967c25a7c94516d496fa5372f95b1e6144356afdc6011a6a0fae6869971
SHA512

7d74adc55071703115cc2d3d19f105b51803ca65ef85280caa4c181fab76386b658385304e8e9f8467429da0607b24d1764323ed4c583f271353c4543ec75e95

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

17 396 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

396 rundll32.exe
396 rundll32.exe
396 rundll32.exe
396 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 648 wrote to memory of 396	648	rundll32.exe	rundll32.exe
PID 648 wrote to memory of 396	648	rundll32.exe	rundll32.exe
PID 648 wrote to memory of 396	648	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffe2b967c25a7c94516d496fa5372f95b1e6144356afdc6011a6a0fae6869971.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:648

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffe2b967c25a7c94516d496fa5372f95b1e6144356afdc6011a6a0fae6869971.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/396-2-0x0000000000000000-mapping.dmp

Download