Analysis
- max time kernel: 136s
- max time network: 143s
- platform: windows7_x64
- resource: win7
- submitted: 30-06-2020 16:03
Static task
- static1
Behavioral task
- behavioral1
  Sample: 47ce0f.dll
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task
- behavioral2
  Sample: 47ce0f.dll
  Resource: win10v200430 (windows10_x64)
  0 signatures, 0 seconds
General
- Target: 47ce0f.dll
- Size: 98KB
- MD5: 834fbacdff8eaaf8163b00175e1dfff0
- SHA1: a636c33b41dfb92312a6c8379169a80a6b57d02f
- SHA256: 47ce0f84aceaca95dfa327d9bf9c1eeacbde6cf5a4673bb2a4c96d1938958835
- SHA512: 824cce42249d66b36826c17ba974cf932d3b2c0f48ebd85c195be6743187a15e53610546480f9dededa059847d48c9deb27eb99ed95c2ed4b242a8599331387d
Score
8/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 740 wrote to memory of 1116 | 740 | rundll32.exe | rundll32.exe
  PID 740 wrote to memory of 1116 | 740 | rundll32.exe | rundll32.exe
  PID 740 wrote to memory of 1116 | 740 | rundll32.exe | rundll32.exe
  PID 740 wrote to memory of 1116 | 740 | rundll32.exe | rundll32.exe
  PID 740 wrote to memory of 1116 | 740 | rundll32.exe | rundll32.exe
  PID 740 wrote to memory of 1116 | 740 | rundll32.exe | rundll32.exe
  PID 740 wrote to memory of 1116 | 740 | rundll32.exe | rundll32.exe
- Blacklisted process makes network request (1 IoCs)
  Processes: rundll32.exe
  flow | pid | process
  2 | 1116 | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\47ce0f.dll,#1
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\47ce0f.dll,#1
  - Blacklisted process makes network request
Network
MITRE ATT&CK Matrix
Downloads
- memory/1116-0-0x0000000000000000-mapping.dmp