3a54ba07f68323912aea3cbb39139c24213a24d698b67f76c279c8665ae33e7a | Triage

Analysis

max time kernel
19s
max time network
29s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 07:30

Sharing

Report Analysis Logs

General

Target

3a54ba07f68323912aea3cbb39139c24213a24d698b67f76c279c8665ae33e7a.dll
Size

269KB
MD5

bc3e2da32788823d2f887d730b15845b
SHA1

c6c6bfce1a1dfbf8dac3f6f9dd285a99b6c0e3a4
SHA256

3a54ba07f68323912aea3cbb39139c24213a24d698b67f76c279c8665ae33e7a
SHA512

30f48f8bb8dc9789c4d14a66ce5dcc66688eadafb58b2a559056c00c10628e844e1ec97f94a91daaba82c65a3a8c59d2a7e52c96403c95468627b5f43cf03a47

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

20 3888 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

3888 rundll32.exe
3888 rundll32.exe
3888 rundll32.exe
3888 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3084 wrote to memory of 3888	3084	rundll32.exe	rundll32.exe
PID 3084 wrote to memory of 3888	3084	rundll32.exe	rundll32.exe
PID 3084 wrote to memory of 3888	3084	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a54ba07f68323912aea3cbb39139c24213a24d698b67f76c279c8665ae33e7a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3084

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a54ba07f68323912aea3cbb39139c24213a24d698b67f76c279c8665ae33e7a.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:3888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3888-2-0x0000000000000000-mapping.dmp

Download