074dd1cc1ce739876eab2993b549570e81ff18f4073a5a13c4461bc880d81281 | Triage

Analysis

max time kernel
126s
max time network
130s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:13

Sharing

Report Analysis Logs

General

Target

680ae5702fdcb7e374b6df0eb0e31175.dll
Size

275KB
MD5

680ae5702fdcb7e374b6df0eb0e31175
SHA1

627201aa2d0964c5590553957b0bb255472a4d66
SHA256

074dd1cc1ce739876eab2993b549570e81ff18f4073a5a13c4461bc880d81281
SHA512

39795c2a6cda4a4beb31fd96f0e0d17639877c7e0bc32af6f7e6c8d18f10e4c4f2d0fe3604a38c290e1a742582ed87a3b0f28c5a0baad3ad3660f4c9e6412fb3

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

14 4816 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

4816 rundll32.exe
4816 rundll32.exe
4816 rundll32.exe
4816 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4760 wrote to memory of 4816	4760	rundll32.exe	rundll32.exe
PID 4760 wrote to memory of 4816	4760	rundll32.exe	rundll32.exe
PID 4760 wrote to memory of 4816	4760	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\680ae5702fdcb7e374b6df0eb0e31175.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4760

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\680ae5702fdcb7e374b6df0eb0e31175.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:4816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4816-2-0x0000000000000000-mapping.dmp

Download