219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa | Triage

Analysis

max time kernel
15s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 10:46

Sharing

Report Analysis Logs

General

Target

219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa.dll
Size

276KB
MD5

0448f77a9999f945a136305716eabe49
SHA1

7d906884962033eb5381fcb018fce79779578584
SHA256

219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa
SHA512

3270f2a146bf94a5e6981e6d99fde8b9204bb90f5b6b04305261fb6bc10541664bd2f8d6cde290e4296f81c602b649ed6ffc6315c67590506625e59f8263e6db

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File opened for modification C:\Windows\ rundll32.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

rundll32.exe

pid	process
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

rundll32.exe

pid	process
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4300 wrote to memory of 4516	4300	rundll32.exe	rundll32.exe
PID 4300 wrote to memory of 4516	4300	rundll32.exe	rundll32.exe
PID 4300 wrote to memory of 4516	4300	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4300

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa.dll,#1
2⤵
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4516

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...