9b6c0d23cc89559ac9e4805fe54b7a1dec4705672d1398076b21b88f23fcc2ea | Triage

Analysis

max time kernel
18s
max time network
30s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:30

Sharing

Report Analysis Logs

General

Target

9b6c0d23cc89559ac9e4805fe54b7a1dec4705672d1398076b21b88f23fcc2ea.dll
Size

269KB
MD5

4a9ab7e401a01a9e83e8473cfea6832a
SHA1

8793e334bb63b4d49e5a9c9df8c471012ecc2794
SHA256

9b6c0d23cc89559ac9e4805fe54b7a1dec4705672d1398076b21b88f23fcc2ea
SHA512

c694800cd1e5d05b0e6c8f5dbac20b57a5d581b0f62724961b8d5f02eea142a3f8d23a0fc0a15de3826499bc70cfcbe929c098484f26b08d6a4ae0406784fe96

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

17 1004 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

1004 rundll32.exe
1004 rundll32.exe
1004 rundll32.exe
1004 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1628 wrote to memory of 1004	1628	rundll32.exe	rundll32.exe
PID 1628 wrote to memory of 1004	1628	rundll32.exe	rundll32.exe
PID 1628 wrote to memory of 1004	1628	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b6c0d23cc89559ac9e4805fe54b7a1dec4705672d1398076b21b88f23fcc2ea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1628

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b6c0d23cc89559ac9e4805fe54b7a1dec4705672d1398076b21b88f23fcc2ea.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1004-2-0x0000000000000000-mapping.dmp

Download