Analysis
-
max time kernel
48s -
max time network
60s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
14-01-2021 00:53
General
-
Target
E1-20191212_112720.dll
-
Size
271KB
-
MD5
6d65571a1d5bb5ce2f3168dbcc6c12c9
-
SHA1
c5c2903fcdf700d27b240f834f1641b67fa352c7
-
SHA256
8fa8d19ca8875f370b5267c9e666f67d3eeb4ea55d061e6ac0aa618e8ac3d8de
-
SHA512
84732ad954375ee0d524c38cad5898cff8c8b1bdfb67c9ae7f8920c2c2f098871d7e1ee87c118c6cf1fd09cbad919a43897715112a1506139f62547ee74f04a3
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\E1-20191212_112720.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\E1-20191212_112720.dll,#12⤵
- Drops file in System32 directory
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Ywdbzlwia\nlmcsxpi.nlr",ShowDialogA3⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1332-2-0x0000000000000000-mapping.dmp
-
memory/2276-3-0x0000000000000000-mapping.dmp