e6bdeae21f873a739645c0f4cc86c91432ea1d2c229aac9af135f691482fdc9b

General

Target

e6bdeae21f873a739645c0f4cc86c91432ea1d2c229aac9af135f691482fdc9b.dll
Size

192KB
MD5

1e3114933e986925635982ecd5233f20
SHA1

64b02073f88dfcac300047857a1d68aedee83481
SHA256

e6bdeae21f873a739645c0f4cc86c91432ea1d2c229aac9af135f691482fdc9b
SHA512

750eb418876df845ae49e13300a67811c4c7afa020473397df9e483d76ee41afb35974b1bc13f150f54d1a4f9e3af5960f8a4de65a2d65e46864b812ed276381

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկテーブルыսա.exe

pid	process
1712	ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկテーブルыսա.exe

Loads dropped DLL 1 IoCs

Processes:

rundll32.exe

pid process

936 rundll32.exe

pid	process
936	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1732 wrote to memory of 936	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 936	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 936	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 936	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 936	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 936	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 936	1732	rundll32.exe	rundll32.exe
PID 936 wrote to memory of 1712	936	rundll32.exe	ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկテーブルыսա.exe
PID 936 wrote to memory of 1712	936	rundll32.exe	ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկテーブルыսա.exe
PID 936 wrote to memory of 1712	936	rundll32.exe	ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկテーブルыսա.exe
PID 936 wrote to memory of 1712	936	rundll32.exe	ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկテーブルыսա.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6bdeae21f873a739645c0f4cc86c91432ea1d2c229aac9af135f691482fdc9b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1732

C:\ProgramData\ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկテーブルыսա.exe
"C:\ProgramData\ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկテーブルыսա.exe"
3⤵
- Executes dropped EXE
PID:1712

C:\ProgramData\ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկテーブルыսա.exe
Filesize
43KB

MD5
51138beea3e2c21ec44d0932c71762a8

SHA1
8939cf35447b22dd2c6e6f443446acc1bf986d58

SHA256
5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

SHA512
794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

Download Submit
\ProgramData\ແຟԴեCCC;ↈↈↈ;ծCC;ↈↈↈ;CCCաայデモツリルのCCC;ↈↈↈ;CCルクフリ;;;հաշվում;ແຟ້ມຕົ້;;;ենկテーブルыսա.exe
Filesize
43KB

MD5
51138beea3e2c21ec44d0932c71762a8

SHA1
8939cf35447b22dd2c6e6f443446acc1bf986d58

SHA256
5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

SHA512
794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

Download Submit
memory/936-54-0x0000000000000000-mapping.dmp

Download
memory/936-55-0x00000000750C1000-0x00000000750C3000-memory.dmp

Filesize
8KB

Download
memory/1712-57-0x0000000000000000-mapping.dmp

Download