5cf53710626b79c190b7be75df96918fcdd54a7e7cecfa49bcb10e76bf1cc012 | Triage

Analysis

max time kernel
25s
max time network
26s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:30

Sharing

Report Analysis Logs

General

Target

5cf53710626b79c190b7be75df96918fcdd54a7e7cecfa49bcb10e76bf1cc012.dll
Size

275KB
MD5

cd05b098479a767b9b01b2a6dc87f141
SHA1

c577fe36a86bb243b375b78ec6e3be244d19a94c
SHA256

5cf53710626b79c190b7be75df96918fcdd54a7e7cecfa49bcb10e76bf1cc012
SHA512

76e66a2270465341fc54df252fe314f173297473c71142c07d2894c5d2a21cb2d55e00fd0907139dde8b9cd159b7f40241014ed6649ee5ae3bf32a11b8401eb2

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

17 4724 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

4724 rundll32.exe
4724 rundll32.exe
4724 rundll32.exe
4724 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4636 wrote to memory of 4724	4636	rundll32.exe	rundll32.exe
PID 4636 wrote to memory of 4724	4636	rundll32.exe	rundll32.exe
PID 4636 wrote to memory of 4724	4636	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cf53710626b79c190b7be75df96918fcdd54a7e7cecfa49bcb10e76bf1cc012.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4636

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cf53710626b79c190b7be75df96918fcdd54a7e7cecfa49bcb10e76bf1cc012.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4724-2-0x0000000000000000-mapping.dmp

Download