85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939 | Triage

Resubmissions

21-09-2021 13:35

210921-qvmdcacceq 10

16-09-2021 14:37

210916-ry5vjagdhr 8

Analysis

max time kernel
140s
max time network
142s
platform
windows10_x64
resource
win10v20210408
submitted
16-09-2021 14:37

Sharing

Report Analysis Logs

General

Target

www1.dll
Size

316KB
MD5

5ec89ea30af2cc38ae183d12ffacbcf7
SHA1

bee82e104c1082442c7ff029b2781a04a3e80cd5
SHA256

85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939
SHA512

7e25703e68ec87d1da4b8d5f2bfe4e1e09b6bd88bb3e662b82cda77496badd5c6c1b3685ade9c4d4a100fb43972d3356bb22c7089a4edc2e1c174aa3fbf639cf

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 5 IoCs

flow	pid	Process
7	860	rundll32.exe
13	860	rundll32.exe
16	860	rundll32.exe
18	860	rundll32.exe
19	860	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 860	764	rundll32.exe	68
PID 764 wrote to memory of 860	764	rundll32.exe	68
PID 764 wrote to memory of 860	764	rundll32.exe	68

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\www1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\www1.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/860-116-0x00000000743F0000-0x0000000074452000-memory.dmp

Filesize
392KB

Download
memory/860-115-0x00000000743F0000-0x0000000074401000-memory.dmp

Filesize
68KB

Download
memory/860-117-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download