3d25f31dd7543a1b26a25bc18f3de2e48d44ee5b61d0c7f0ebad1c848e5e2e66 | Triage

Analysis

max time kernel
86s
max time network
136s
platform
windows10_x64
resource
win10-en-20211104
submitted
11-11-2021 13:15

Sharing

Report Analysis Logs

General

Target

1.dll
Size

13KB
MD5

529ad0ebe8403807a19bbc010689ab55
SHA1

efd93c9f0101b6841207bb65adf89e91c599eca4
SHA256

3d25f31dd7543a1b26a25bc18f3de2e48d44ee5b61d0c7f0ebad1c848e5e2e66
SHA512

df76d06e656a1fc53445bfe820920367d89fe80b7d8230cdfd6fc13c295219b479ca29a816895bd417f8800ab3e8934548eafa8bf92092fed3fea6c1bd3a1683

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

12 1872 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1912 wrote to memory of 1872	1912	rundll32.exe	rundll32.exe
PID 1912 wrote to memory of 1872	1912	rundll32.exe	rundll32.exe
PID 1912 wrote to memory of 1872	1912	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1.dll,#1
2⤵
- Blocklisted process makes network request
PID:1872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1872-118-0x0000000000000000-mapping.dmp

Download