Analysis

  max time kernel:   28s
  max time network:  29s
  platform:          windows10_x64
  resource:          win10v20201028
  submitted:         13-01-2021 07:30

Tasks

  Static task:      static1
  Behavioral task:  behavioral1
    Sample:    0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c.dll
    Resource:  win10v20201028 (windows10_x64)
  0 signatures, 0 seconds
General

  Target:  0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c.dll
  Size:    275KB
  MD5:     130fd4203c298fb84f972bcd8832120e
  SHA1:    0ba66e7a76987909703d57d822e58e42c78687d1
  SHA256:  0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c
  SHA512:  cafd4f7f24deffa3922b61789eb4929aa2cc0a36b6506ef77c9f1c223f0be27162e82f210a14dfa63da54fb8c9811d30210441ff82f444ece5310f3b6972e412

Score: 8/10
Malware Config
Signatures
Blocklisted process makes network request (1 IoC)
  Processes:
    flow  pid   process
    17    4836  rundll32.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
    pid   process
    4836  rundll32.exe
    4836  rundll32.exe
    4836  rundll32.exe
    4836  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                       pid   process       target process
    PID 4760 wrote to memory of 4836  4760  rundll32.exe  rundll32.exe
    PID 4760 wrote to memory of 4836  4760  rundll32.exe  rundll32.exe
    PID 4760 wrote to memory of 4836  4760  rundll32.exe  rundll32.exe
Processes

Process tree (depth 1 = root, depth 2 = child; the DLL is invoked through its export ordinal #1):

  [1] C:\Windows\system32\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c.dll,#1
      PID: 4760
      - Suspicious use of WriteProcessMemory

    [2] C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c.dll,#1
        PID: 4836
        - Blocklisted process makes network request
        - Suspicious behavior: EnumeratesProcesses
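The process tree above, turned into detection logic as an added example that is not part of the sandbox report: a small Python detector run over the two process records transcribed from the report (PID 4760 in System32 spawning PID 4836 in SysWOW64, both loading the sample from the user's Temp directory by ordinal). The three rules, the ProcessEvent layout and the rule names are this example's own assumptions, not the sandbox's signature definitions.

```python
"""Detect the rundll32 pattern from the report's process tree.

Added example, not the sandbox's own signature code. The EVENTS list below is
constructed from the report's process tree; the rules are assumptions chosen
to illustrate what a detection engineer would key on.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class ProcessEvent:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str

# Constructed from the report: the root rundll32 (PID 4760) and its child (PID 4836).
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\0a35b4f9d22cdd1ae86366db06f06d837b657d05ade0ff23f0a3932ff0fffe3c.dll")
EVENTS = [
    ProcessEvent(4760, None, r"C:\Windows\system32\rundll32.exe",
                 f"rundll32.exe {SAMPLE_DLL},#1"),
    ProcessEvent(4836, 4760, r"C:\Windows\SysWOW64\rundll32.exe",
                 f"rundll32.exe {SAMPLE_DLL},#1"),
]

# rundll32 syntax: rundll32[.exe] <dll>,<entry>  where <entry> is an export name
# or "#<ordinal>". The image may be given bare or as a full path, quoted or not.
RUNDLL32_ARGS = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE)
# Directories a standard user can write to; a DLL loaded from here is worth a look.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\(Local\\Temp|Roaming)\\",
                           re.IGNORECASE)

def parse_rundll32(cmdline: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, entry_point) for a rundll32 command line, else None."""
    m = RUNDLL32_ARGS.match(cmdline)
    if not m:
        return None
    return m.group("dll"), m.group("entry")

def findings_for(event: ProcessEvent, by_pid: Dict[int, ProcessEvent]) -> List[str]:
    """Apply the three assumed rules to one process event."""
    hits: List[str] = []
    parsed = parse_rundll32(event.cmdline)
    if parsed is None:
        return hits
    dll, entry = parsed
    if USER_WRITABLE.search(dll):
        hits.append("rundll32 loads DLL from user-writable directory")
    if entry.startswith("#"):
        hits.append("rundll32 invokes export by ordinal")
    parent = by_pid.get(event.ppid) if event.ppid is not None else None
    # 64-bit rundll32 handed a 32-bit DLL relaunches the SysWOW64 copy with the
    # same arguments; the parent writing the child's memory is part of that re-exec.
    if (parent is not None
            and parent.image.lower().endswith("rundll32.exe")
            and "\\system32\\" in parent.image.lower()
            and "\\syswow64\\" in event.image.lower()):
        hits.append("64-bit rundll32 relaunched 32-bit rundll32 (WOW64 re-exec, DLL is 32-bit)")
    return hits

def analyse(events: List[ProcessEvent]) -> Dict[int, List[str]]:
    """Map each PID to the rule names it triggered."""
    by_pid = {e.pid: e for e in events}
    return {e.pid: findings_for(e, by_pid) for e in events}

if __name__ == "__main__":
    for pid, hits in analyse(EVENTS).items():
        print(pid, hits)
```

The WOW64 re-exec rule explains the report's WriteProcessMemory hits: the parent writes only to the child it just relaunched, which is expected whenever 64-bit rundll32 is given a 32-bit DLL, so on its own it is weak evidence. The Temp-path and ordinal rules fire on both processes, and it is the child (PID 4836) that goes on to make the blocklisted network request and enumerate processes.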
Network
MITRE ATT&CK Matrix
Downloads

  memory/4836-2-0x0000000000000000-mapping.dmp