03520e48480caa16bb6c3765392b0223ee99be8d19b4cc1846ae0b7079607043 | Triage

Analysis

max time kernel
11s
max time network
12s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:30

Sharing

Report Analysis Logs

General

Target

03520e48480caa16bb6c3765392b0223ee99be8d19b4cc1846ae0b7079607043.dll
Size

239KB
MD5

1e99b5e59a00743f4e190b29f3e91742
SHA1

0a0d07f8c16b40e85c326e161b269d8eaca445a2
SHA256

03520e48480caa16bb6c3765392b0223ee99be8d19b4cc1846ae0b7079607043
SHA512

7af7a258332b0b815b10e55efa3aff3f2af49212a28af502d308ffa61b5550c232a108fa28154581e601d8b05aab007c936cbde6fb4879f376725698e415b71b

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

13 4784 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

4784 rundll32.exe
4784 rundll32.exe
4784 rundll32.exe
4784 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4768 wrote to memory of 4784	4768	rundll32.exe	rundll32.exe
PID 4768 wrote to memory of 4784	4768	rundll32.exe	rundll32.exe
PID 4768 wrote to memory of 4784	4768	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03520e48480caa16bb6c3765392b0223ee99be8d19b4cc1846ae0b7079607043.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4768

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03520e48480caa16bb6c3765392b0223ee99be8d19b4cc1846ae0b7079607043.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:4784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4784-2-0x0000000000000000-mapping.dmp

Download