96c2370487439e8893bed1bfde2c2a96e1605151e01e4818272f29e875bc2a48 | Triage

Analysis

max time kernel
93s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 12:03

Sharing

Report Analysis Logs

General

Target

cldapi.dll
Size

106KB
MD5

01616e91c5618d727f6a8110a582e3ff
SHA1

e9aa14e41488e8272a9034f628d5c15c86c1619c
SHA256

96c2370487439e8893bed1bfde2c2a96e1605151e01e4818272f29e875bc2a48
SHA512

665c53573fe1fc98979480f647c4f8f1ce59768e239cfe47a5251edef14aad796773d0eb879c2b0c0808c929e883642438b45b6e49992fb8079b7d94d3aaa76a
SSDEEP

1536:5iJM8nswqA16+4QkrhS5xageP6zsFM5wD8foEGQReErSn8SG2g:5iJ6A1zRDjxePUsfJEGDyS8SG2

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 10 IoCs

flow	pid	Process
2	5092	rundll32.exe
4	5092	rundll32.exe
6	5092	rundll32.exe
8	5092	rundll32.exe
10	5092	rundll32.exe
25	5092	rundll32.exe
27	5092	rundll32.exe
28	5092	rundll32.exe
42	5092	rundll32.exe
43	5092	rundll32.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
5092	rundll32.exe
5092	rundll32.exe
5092	rundll32.exe
5092	rundll32.exe
5092	rundll32.exe
5092	rundll32.exe
5092	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cldapi.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:5092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5092-14-0x00000151F53B0000-0x00000151F5891000-memory.dmp

Filesize
4.9MB

Download
memory/5092-15-0x0000000067D40000-0x00000000685FA000-memory.dmp

Filesize
8.7MB

Download