Analysis
- max time kernel: 11s
- max time network: 12s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 13-01-2021 07:30
Static task
static1
Behavioral task
behavioral1
Sample
03520e48480caa16bb6c3765392b0223ee99be8d19b4cc1846ae0b7079607043.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: 03520e48480caa16bb6c3765392b0223ee99be8d19b4cc1846ae0b7079607043.dll
- Size: 239KB
- MD5: 1e99b5e59a00743f4e190b29f3e91742
- SHA1: 0a0d07f8c16b40e85c326e161b269d8eaca445a2
- SHA256: 03520e48480caa16bb6c3765392b0223ee99be8d19b4cc1846ae0b7079607043
- SHA512: 7af7a258332b0b815b10e55efa3aff3f2af49212a28af502d308ffa61b5550c232a108fa28154581e601d8b05aab007c936cbde6fb4879f376725698e415b71b
Score
8/10
Malware Config
Signatures
- Blocklisted process makes network request (1 IoCs)
  Processes: rundll32.exe
  flow | pid | process
  13 | 4784 | rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: rundll32.exe
  pid | process
  4784 | rundll32.exe
  4784 | rundll32.exe
  4784 | rundll32.exe
  4784 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 4768 wrote to memory of 4784 | 4768 | rundll32.exe | rundll32.exe
  PID 4768 wrote to memory of 4784 | 4768 | rundll32.exe | rundll32.exe
  PID 4768 wrote to memory of 4784 | 4768 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03520e48480caa16bb6c3765392b0223ee99be8d19b4cc1846ae0b7079607043.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:4768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03520e48480caa16bb6c3765392b0223ee99be8d19b4cc1846ae0b7079607043.dll,#12⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
Network
MITRE ATT&CK Matrix
Downloads
- memory/4784-2-0x0000000000000000-mapping.dmp