Analysis
max time kernel: 128s
max time network: 124s
platform: windows10_x64
resource: win10v200430
submitted: 07-07-2020 07:00
Static task: static1
Behavioral task: behavioral1
  Sample: cvent.bin.dll
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: cvent.bin.dll
  Resource: win10v200430 (windows10_x64)
  0 signatures, 0 seconds
General
Target: cvent.bin.dll
Size: 464KB
MD5: 0474325cfc9bb94ada64c4ac026cf0f6
SHA1: bca3b42e3b6717c8ef2d0966e78f5dd12c35e5fb
SHA256: 563463dca03d5d1d64d11465d2a511f995254663194032a891fd5491c4062cff
SHA512: 031db5b4add2d5c69cd8ea7a04b8bdae8635a3d33776b91b4e1942bf24e0c0a6ac0f08ea4ba5caaf010a7b623166c95c9c9f8c90d946b58a95e08e39afa5a5f8
Score: 10/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
  description                          | pid  | process      | target process
  PID 1484 wrote to memory of 1548     | 1484 | rundll32.exe | rundll32.exe
  PID 1484 wrote to memory of 1548     | 1484 | rundll32.exe | rundll32.exe
  PID 1484 wrote to memory of 1548     | 1484 | rundll32.exe | rundll32.exe
Blacklisted process makes network request (4 IoCs)
Processes: rundll32.exe
  flow | pid  | process
  4    | 1548 | rundll32.exe
  6    | 1548 | rundll32.exe
  8    | 1548 | rundll32.exe
  10   | 1548 | rundll32.exe
Donot APT Downloader
A downloader used by the Donot APT group to fetch further modules.
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cvent.bin.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cvent.bin.dll,#1
    - Blacklisted process makes network request
Network
MITRE ATT&CK Matrix
Downloads
memory/1548-0-0x0000000000000000-mapping.dmp