Analysis
max time kernel: 18s
max time network: 28s
platform: windows10_x64
resource: win10v20201028
submitted: 13-01-2021 07:29
Static task: static1
Behavioral task: behavioral1
Sample: 955872cfb0bb4bcd20915388465c82cde411042672fdc95c25fb4f7964bf29e3.dll
Resource: win10v20201028
Platform: windows10_x64
0 signatures
0 seconds
General
Target: 955872cfb0bb4bcd20915388465c82cde411042672fdc95c25fb4f7964bf29e3.dll
Size: 269KB
MD5: 9d7bcffc9a4dabefb8ce24f24ee46297
SHA1: 97d70ff5fd2aed8014df0d567b39050fe6e2410d
SHA256: 955872cfb0bb4bcd20915388465c82cde411042672fdc95c25fb4f7964bf29e3
SHA512: b4fc3a8397fa386a815fe5616bc621d3c55ec4d1ab26fe59260a02ebde8b84ac2668a7c117ec0a878d5cb33c07287b72cd1bd143445a02998b21d7ce0e48de0d
Score: 8/10
Malware Config
Signatures
Blocklisted process makes network request (1 IoC)
Processes:
flow  pid   process
15    3596  rundll32.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
pid   process
3596  rundll32.exe
3596  rundll32.exe
3596  rundll32.exe
3596  rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                        pid  process       target process
PID 648 wrote to memory of 3596    648  rundll32.exe  rundll32.exe
PID 648 wrote to memory of 3596    648  rundll32.exe  rundll32.exe
PID 648 wrote to memory of 3596    648  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\955872cfb0bb4bcd20915388465c82cde411042672fdc95c25fb4f7964bf29e3.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 648
    C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\955872cfb0bb4bcd20915388465c82cde411042672fdc95c25fb4f7964bf29e3.dll,#1
      - Blocklisted process makes network request
      - Suspicious behavior: EnumeratesProcesses
      PID: 3596
Network
MITRE ATT&CK Matrix
Downloads
memory/3596-2-0x0000000000000000-mapping.dmp