Analysis Overview
SHA256
a216650a36498389a10434af63324705ac991f815bae1ba65d9ecf31f71862de
Threat Level: Known bad
The file a216650a36498389a10434af63324705ac991f815bae1ba65d9ecf31f71862deexe_JC.exe was found to be: Known bad.
Malicious Activity Summary
SystemBC
Blocklisted process makes network request
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-08-08 18:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-08 18:39
Reported
2023-08-08 18:42
Platform
win7-20230712-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
SystemBC
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a216650a36498389a10434af63324705ac991f815bae1ba65d9ecf31f71862deexe_JC.dll,#1
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| RU | 5.42.65.67:4298 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-08-08 18:39
Reported
2023-08-08 18:42
Platform
win10v2004-20230703-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
SystemBC
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a216650a36498389a10434af63324705ac991f815bae1ba65d9ecf31f71862deexe_JC.dll,#1
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| RU | 5.42.65.67:4298 | | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.179.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
Files