Analysis

  • max time kernel
    12s
  • max time network
    18s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-01-2021 07:29

General

  • Target

    006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb.dll

  • Size

    239KB

  • MD5

    1133526dad8bbd4114ef8799d5058ca1

  • SHA1

    1799e0d4c206c0722342a084e89dbeb64e4ba82f

  • SHA256

    006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb

  • SHA512

    3b1169e644d3155b29cada945a0b428f733e88228773a7ad2584605e005e127c2a6217e95b85200ba337cda3382e60b26299d7fd41023cd9e655a336d119232d

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:744
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:3224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads