0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c | Triage

Analysis

max time kernel
28s
max time network
29s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:30

Sharing

Report Analysis Logs

General

Target

0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c.dll
Size

275KB
MD5

130fd4203c298fb84f972bcd8832120e
SHA1

0ba66e7a76987909703d57d822e58e42c78687d1
SHA256

0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c
SHA512

cafd4f7f24deffa3922b61789eb4929aa2cc0a36b6506ef77c9f1c223f0be27162e82f210a14dfa63da54fb8c9811d30210441ff82f444ece5310f3b6972e412

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

17 4836 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

4836 rundll32.exe
4836 rundll32.exe
4836 rundll32.exe
4836 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4760 wrote to memory of 4836	4760	rundll32.exe	rundll32.exe
PID 4760 wrote to memory of 4836	4760	rundll32.exe	rundll32.exe
PID 4760 wrote to memory of 4836	4760	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4760

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:4836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4836-2-0x0000000000000000-mapping.dmp

Download