Analysis
max time kernel: 19s
max time network: 29s
platform: windows10_x64
resource: win10v20201028
submitted: 13-01-2021 07:30
Static task: static1
Behavioral task: behavioral1
Sample: 3a54ba07f68323912aea3cbb39139c24213a24d698b67f76c279c8665ae33e7a.dll
Resource: win10v20201028, windows10_x64
0 signatures
0 seconds
General
Target: 3a54ba07f68323912aea3cbb39139c24213a24d698b67f76c279c8665ae33e7a.dll
Size: 269KB
MD5: bc3e2da32788823d2f887d730b15845b
SHA1: c6c6bfce1a1dfbf8dac3f6f9dd285a99b6c0e3a4
SHA256: 3a54ba07f68323912aea3cbb39139c24213a24d698b67f76c279c8665ae33e7a
SHA512: 30f48f8bb8dc9789c4d14a66ce5dcc66688eadafb58b2a559056c00c10628e844e1ec97f94a91daaba82c65a3a8c59d2a7e52c96403c95468627b5f43cf03a47
Score: 8/10
Malware Config
Signatures

Blocklisted process makes network request (1 IoCs)
Processes: rundll32.exe
  flow  pid   process
  20    3888  rundll32.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: rundll32.exe
  pid   process
  3888  rundll32.exe
  3888  rundll32.exe
  3888  rundll32.exe
  3888  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
  description                       pid   process       target process
  PID 3084 wrote to memory of 3888  3084  rundll32.exe  rundll32.exe
  PID 3084 wrote to memory of 3888  3084  rundll32.exe  rundll32.exe
  PID 3084 wrote to memory of 3888  3084  rundll32.exe  rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a54ba07f68323912aea3cbb39139c24213a24d698b67f76c279c8665ae33e7a.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID: 3084

C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a54ba07f68323912aea3cbb39139c24213a24d698b67f76c279c8665ae33e7a.dll,#12⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID: 3888
Network
MITRE ATT&CK Matrix
Downloads
memory/3888-2-0x0000000000000000-mapping.dmp