Analysis

  • max time kernel
    72s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    01-02-2022 16:17

General

  • Target

    07be5d876aa45fd4d6f68a7c3ffa9e0a67f4d3d5f557309e5621334ffea74b84.dll

  • Size

    327KB

  • MD5

    aa22a99a52c046473ec73a0665bd4f4c

  • SHA1

    87d1fc8cd625b868c37ed8775069a11175ed4253

  • SHA256

    07be5d876aa45fd4d6f68a7c3ffa9e0a67f4d3d5f557309e5621334ffea74b84

  • SHA512

    072a53c5cd91d3952f8cad296e909d6bac3ff237175354aebab65347e79c707e429dbd5df2dce1f5b36d038abc56f67b07b4c560407b60ae147f6abd9c101f66

Score
10/10

Signatures

  • TA505

    Cybercrime group active since 2015, responsible for families like Dridex and Locky.

  • Blocklisted process makes network request (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\07be5d876aa45fd4d6f68a7c3ffa9e0a67f4d3d5f557309e5621334ffea74b84.dll,#1
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID: 2164

Downloads

  • memory/2164-131-0x000001C52D470000-0x000001C52D471000-memory.dmp

    Filesize

    4KB

  • memory/2164-130-0x000001C52D460000-0x000001C52D463000-memory.dmp

    Filesize

    12KB

  • memory/2164-132-0x0000000072E20000-0x0000000072E78000-memory.dmp

    Filesize

    352KB