Analysis
-
max time kernel
18s
-
max time network
30s
-
platform
windows10_x64
-
resource
win10v20201028
-
submitted
13-01-2021 07:30
Static task
static1
Behavioral task
behavioral1
Sample
9b6c0d23cc89559ac9e4805fe54b7a1dec4705672d1398076b21b88f23fcc2ea.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
9b6c0d23cc89559ac9e4805fe54b7a1dec4705672d1398076b21b88f23fcc2ea.dll
-
Size
269KB
-
MD5
4a9ab7e401a01a9e83e8473cfea6832a
-
SHA1
8793e334bb63b4d49e5a9c9df8c471012ecc2794
-
SHA256
9b6c0d23cc89559ac9e4805fe54b7a1dec4705672d1398076b21b88f23fcc2ea
-
SHA512
c694800cd1e5d05b0e6c8f5dbac20b57a5d581b0f62724961b8d5f02eea142a3f8d23a0fc0a15de3826499bc70cfcbe929c098484f26b08d6a4ae0406784fe96
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
flow  pid   Process
17    1004  rundll32.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid   Process
1004  rundll32.exe
1004  rundll32.exe
1004  rundll32.exe
1004  rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process       procid_target
PID 1628 wrote to memory of 1004  1628  rundll32.exe  69
PID 1628 wrote to memory of 1004  1628  rundll32.exe  69
PID 1628 wrote to memory of 1004  1628  rundll32.exe  69
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b6c0d23cc89559ac9e4805fe54b7a1dec4705672d1398076b21b88f23fcc2ea.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1628
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b6c0d23cc89559ac9e4805fe54b7a1dec4705672d1398076b21b88f23fcc2ea.dll,#12⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1004
-