Analysis
max time kernel: 114s
max time network: 120s
platform: windows7_x64
resource: win7
submitted: 30-06-2020 15:58
Static task: static1
Behavioral task: behavioral1
Sample: response.bin.dll
Resource: win7, windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: response.bin.dll
Resource: win10v200430, windows10_x64
0 signatures
0 seconds
General
Target: response.bin.dll
Size: 309KB
MD5: dfa5e4fd4ec7c885aec6150c8723b813
SHA1: 1bbd1028c1e380abd061355ba4d81075d2c34803
SHA256: f832c39ea27975ce3cb9fb60b6369274afd59b732a04624787cb820e0b52cee2
SHA512: 27821983284fa80527b6aaf246bc376e9ce0941c653068c4c82744298a4368e21ff9f58b48504aa37d257daf4db2f1c1f9e0d0a5cb2953183dc9da49f2abcb0a
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (11 IoCs)
Processes: rundll32.exe, rundll32.exe
description | pid | process | target process
PID 1612 wrote to memory of 364 | 1612 | rundll32.exe | rundll32.exe
PID 1612 wrote to memory of 364 | 1612 | rundll32.exe | rundll32.exe
PID 1612 wrote to memory of 364 | 1612 | rundll32.exe | rundll32.exe
PID 1612 wrote to memory of 364 | 1612 | rundll32.exe | rundll32.exe
PID 1612 wrote to memory of 364 | 1612 | rundll32.exe | rundll32.exe
PID 1612 wrote to memory of 364 | 1612 | rundll32.exe | rundll32.exe
PID 1612 wrote to memory of 364 | 1612 | rundll32.exe | rundll32.exe
PID 364 wrote to memory of 1052 | 364 | rundll32.exe | wscript.exe
PID 364 wrote to memory of 1052 | 364 | rundll32.exe | wscript.exe
PID 364 wrote to memory of 1052 | 364 | rundll32.exe | wscript.exe
PID 364 wrote to memory of 1052 | 364 | rundll32.exe | wscript.exe
Processes
[depth 1] C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\response.bin.dll,#1
  - Suspicious use of WriteProcessMemory
  [depth 2] C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\response.bin.dll,#1
    - Suspicious use of WriteProcessMemory
    [depth 3] C:\Windows\SysWOW64\wscript.exe
      command line: wscript.exe //E:jscript "C:\Users\Public\MVexBafTc.Sszxu
[depth 1] C:\Windows\system32\wbem\WmiApSrv.exe
  command line: C:\Windows\system32\wbem\WmiApSrv.exe