d41b348ac7dc53e294577aac6de0ba6d1b4fd57b7742b8bb8b555636b25b3d6c | Triage

Analysis

max time kernel
11s
max time network
26s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:30

Sharing

Report Analysis Logs

General

Target

d41b348ac7dc53e294577aac6de0ba6d1b4fd57b7742b8bb8b555636b25b3d6c.dll
Size

239KB
MD5

911e2ceecf6b12e46c7c86cde82e3426
SHA1

3d572e2376b661ca34c4df68e715695dcda08a38
SHA256

d41b348ac7dc53e294577aac6de0ba6d1b4fd57b7742b8bb8b555636b25b3d6c
SHA512

d9cf0ba8440f7e01bc4f1706b4b86fc3a27f6e5cb7bd49ecfe054e365e832293a5411b41beac35c578ab71a109c4096e1d36e609c46614daea4b359a7cb459ab

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

16 4764 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

4764 rundll32.exe
4764 rundll32.exe
4764 rundll32.exe
4764 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4700 wrote to memory of 4764	4700	rundll32.exe	rundll32.exe
PID 4700 wrote to memory of 4764	4700	rundll32.exe	rundll32.exe
PID 4700 wrote to memory of 4764	4700	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d41b348ac7dc53e294577aac6de0ba6d1b4fd57b7742b8bb8b555636b25b3d6c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4700

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d41b348ac7dc53e294577aac6de0ba6d1b4fd57b7742b8bb8b555636b25b3d6c.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:4764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4764-2-0x0000000000000000-mapping.dmp

Download