Resubmissions

21-09-2021 13:21

210921-qltfashfc5 10

20-09-2021 11:39

210920-nsfrnsgefn 8

Analysis

  • max time kernel
    151s
  • max time network
    128s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    20-09-2021 11:39

General

  • Target

    test.test.dll

  • Size

    249KB

  • MD5

    69c9b5e0c3e6346f468ed148fc318529

  • SHA1

    4ad69a31a65172cdcaa6e3ea1afad7b4e30b88d9

  • SHA256

    3026fb99476bfb40357573b15fc63c0c63b1e9bd99f8266e91da21b80fe903cf

  • SHA512

    6f1bc5ea61583efe89c372bdbcdccb52b3b8571a0acf5d41f07e7111dd00af0adeab4dd93c1b8384b153354117b8e81fa63045e5bdc63eae4384652c627f379d

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.test.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.test.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:740

Network

MITRE ATT&CK Matrix

Downloads

  • memory/740-116-0x00000000743F0000-0x000000007442D000-memory.dmp

    Filesize

    244KB

  • memory/740-115-0x00000000042B0000-0x00000000042BE000-memory.dmp

    Filesize

    56KB