Analysis
-
max time kernel
137s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
02-05-2022 01:45
General
-
Target
cdf4b776599edc5640c53c2ecdf0959b24d49245e6fae4d1ec57c03cf3660ae9.dll
-
Size
3.5MB
-
MD5
c0a26edbd8e0bb5ba4e32eb3fceb250b
-
SHA1
a6dfd89164d12ffb403c57a22c65fcbe43bd873d
-
SHA256
cdf4b776599edc5640c53c2ecdf0959b24d49245e6fae4d1ec57c03cf3660ae9
-
SHA512
de2cfeadf4b3eb2e5e2bffdf048bcdbfc67622f2befd1391407a00c07e38c0c80ce497060d70f6ce1b797012c795f515d880ceb984c82824c3c92ea7144d2695
Score
10/10
Malware Config
Signatures
-
Detect Numando Payload 1 IoCs
-
Numando
Numando is a banking trojan/backdoor targeting Latin America which uses Youtube and Pastebin for C2 communications.
-
Blocklisted process makes network request 10 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cdf4b776599edc5640c53c2ecdf0959b24d49245e6fae4d1ec57c03cf3660ae9.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cdf4b776599edc5640c53c2ecdf0959b24d49245e6fae4d1ec57c03cf3660ae9.dll,#12⤵
- Blocklisted process makes network request
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 8203⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1012 -ip 10121⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.6MB