219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa | Triage

Analysis

max time kernel
15s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01/02/2022, 10:46

Sharing

Report Analysis Logs

General

Target

219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa.dll
Size

276KB
MD5

0448f77a9999f945a136305716eabe49
SHA1

7d906884962033eb5381fcb018fce79779578584
SHA256

219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa
SHA512

3270f2a146bf94a5e6981e6d99fde8b9204bb90f5b6b04305261fb6bc10541664bd2f8d6cde290e4296f81c602b649ed6ffc6315c67590506625e59f8263e6db

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\	rundll32.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe
4516	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 4516	4300	rundll32.exe	81
PID 4300 wrote to memory of 4516	4300	rundll32.exe	81
PID 4300 wrote to memory of 4516	4300	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa.dll,#1
  2⤵
  - Drops file in Windows directory
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads