Analysis
- max time kernel: 12s
- max time network: 18s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 13-01-2021 07:29
Static task: static1
Behavioral task: behavioral1
- Sample: 006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb.dll
- Resource: win10v20201028
- Platform: windows10_x64
General
- Target: 006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb.dll
- Size: 239KB
- MD5: 1133526dad8bbd4114ef8799d5058ca1
- SHA1: 1799e0d4c206c0722342a084e89dbeb64e4ba82f
- SHA256: 006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb
- SHA512: 3b1169e644d3155b29cada945a0b428f733e88228773a7ad2584605e005e127c2a6217e95b85200ba337cda3382e60b26299d7fd41023cd9e655a336d119232d
Score: 8/10
Malware Config
Signatures
- Blocklisted process makes network request (1 IoCs)
    flow: 15, pid: 3224, Process: rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
    pid: 3224, Process: rundll32.exe
    pid: 3224, Process: rundll32.exe
    pid: 3224, Process: rundll32.exe
    pid: 3224, Process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
    description: PID 744 wrote to memory of 3224, pid: 744, Process: rundll32.exe, procid_target: 57
    description: PID 744 wrote to memory of 3224, pid: 744, Process: rundll32.exe, procid_target: 57
    description: PID 744 wrote to memory of 3224, pid: 744, Process: rundll32.exe, procid_target: 57
Processes
- C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb.dll,#11
    - Suspicious use of WriteProcessMemory
    PID: 744
- C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\006c2760424ed9955440c3e34578b3da016dc19a5ba7b4ff46c6ab126423e4fb.dll,#12
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
    PID: 3224