ta505 | 4bda777159fcaf021cb5ac98dc6f427fc0dc4725abb6a3d6521d7a0f89897063 | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-en-20211208
submitted
01/02/2022, 16:11

Sharing

Report Analysis Logs

General

Target

4bda777159fcaf021cb5ac98dc6f427fc0dc4725abb6a3d6521d7a0f89897063.dll
Size

240KB
MD5

1407415f1df63ffa944e61bd0020f9f1
SHA1

194a42c44da4e56bac8d3675764da833c8692fe3
SHA256

4bda777159fcaf021cb5ac98dc6f427fc0dc4725abb6a3d6521d7a0f89897063
SHA512

e23317a793116972a48a9d3ffd03343adecb6758ccf5bdf8cc3fcf5f09b64b2932818968a5234689e74eed61de21f728f7d134e804e1d547266739dda53b11b0

Score

10^/10

ta505

Malware Config

Signatures

TA505
Cybercrime group active since 2015, responsible for families like Dridex and Locky.
ta505

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1600	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bda777159fcaf021cb5ac98dc6f427fc0dc4725abb6a3d6521d7a0f89897063.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-54-0x0000000000100000-0x0000000000103000-memory.dmp

Filesize
12KB

Download
memory/1600-55-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1600-56-0x000000006F4F0000-0x0000000071532000-memory.dmp

Filesize
32.3MB

Download