Analysis
- max time kernel: 119s
- max time network: 143s
- platform: windows10_x64
- resource: win10v200430
- submitted: 30-06-2020 15:58
Static task
- static1
Behavioral task
- behavioral1
- Sample: response.bin.dll
- Resource: win7, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task
- behavioral2
- Sample: response.bin.dll
- Resource: win10v200430, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: response.bin.dll
- Size: 309KB
- MD5: dfa5e4fd4ec7c885aec6150c8723b813
- SHA1: 1bbd1028c1e380abd061355ba4d81075d2c34803
- SHA256: f832c39ea27975ce3cb9fb60b6369274afd59b732a04624787cb820e0b52cee2
- SHA512: 27821983284fa80527b6aaf246bc376e9ce0941c653068c4c82744298a4368e21ff9f58b48504aa37d257daf4db2f1c1f9e0d0a5cb2953183dc9da49f2abcb0a
Score
- 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: rundll32.exe, rundll32.exe
  description | pid | process | target process
  PID 1460 wrote to memory of 1524 | 1460 | rundll32.exe | rundll32.exe
  PID 1460 wrote to memory of 1524 | 1460 | rundll32.exe | rundll32.exe
  PID 1460 wrote to memory of 1524 | 1460 | rundll32.exe | rundll32.exe
  PID 1524 wrote to memory of 2800 | 1524 | rundll32.exe | wscript.exe
  PID 1524 wrote to memory of 2800 | 1524 | rundll32.exe | wscript.exe
  PID 1524 wrote to memory of 2800 | 1524 | rundll32.exe | wscript.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\response.bin.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\response.bin.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\wscript.exe
      wscript.exe //E:jscript "C:\Users\Public\MVexBafTc.Sszxu
- C:\Windows\system32\wbem\WmiApSrv.exe
  C:\Windows\system32\wbem\WmiApSrv.exe