006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb | Triage

Analysis

max time kernel
12s
max time network
18s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:29

Sharing

Report Analysis Logs

General

Target

006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb.dll
Size

239KB
MD5

1133526dad8bbd4114ef8799d5058ca1
SHA1

1799e0d4c206c0722342a084e89dbeb64e4ba82f
SHA256

006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb
SHA512

3b1169e644d3155b29cada945a0b428f733e88228773a7ad2584605e005e127c2a6217e95b85200ba337cda3382e60b26299d7fd41023cd9e655a336d119232d

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

15 3224 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

3224 rundll32.exe
3224 rundll32.exe
3224 rundll32.exe
3224 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 744 wrote to memory of 3224	744	rundll32.exe	rundll32.exe
PID 744 wrote to memory of 3224	744	rundll32.exe	rundll32.exe
PID 744 wrote to memory of 3224	744	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:744

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:3224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3224-2-0x0000000000000000-mapping.dmp

Download