955872cfb0bb4bcd20915388465c82cde411042672fdc95c25fb4f7964bf29e3 | Triage

Analysis

max time kernel
18s
max time network
28s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:29

Sharing

Report Analysis Logs

General

Target

955872cfb0bb4bcd20915388465c82cde411042672fdc95c25fb4f7964bf29e3.dll
Size

269KB
MD5

9d7bcffc9a4dabefb8ce24f24ee46297
SHA1

97d70ff5fd2aed8014df0d567b39050fe6e2410d
SHA256

955872cfb0bb4bcd20915388465c82cde411042672fdc95c25fb4f7964bf29e3
SHA512

b4fc3a8397fa386a815fe5616bc621d3c55ec4d1ab26fe59260a02ebde8b84ac2668a7c117ec0a878d5cb33c07287b72cd1bd143445a02998b21d7ce0e48de0d

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

15 3596 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

3596 rundll32.exe
3596 rundll32.exe
3596 rundll32.exe
3596 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 648 wrote to memory of 3596	648	rundll32.exe	rundll32.exe
PID 648 wrote to memory of 3596	648	rundll32.exe	rundll32.exe
PID 648 wrote to memory of 3596	648	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\955872cfb0bb4bcd20915388465c82cde411042672fdc95c25fb4f7964bf29e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:648

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\955872cfb0bb4bcd20915388465c82cde411042672fdc95c25fb4f7964bf29e3.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:3596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3596-2-0x0000000000000000-mapping.dmp

Download