Analysis
- max time kernel: 7s
- max time network: 134s
- platform: windows7_x64
- resource: win7
- submitted: 04-10-2020 14:06
Static task: static1
Behavioral task: behavioral1
- Sample: fff929c4f44411e0f8da272f8d1db4593b23acd3c52cf8958792aef9548b4623.dll
- Resource: win7, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: fff929c4f44411e0f8da272f8d1db4593b23acd3c52cf8958792aef9548b4623.dll
- Resource: win10v200722, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: fff929c4f44411e0f8da272f8d1db4593b23acd3c52cf8958792aef9548b4623.dll
- Size: 839KB
- MD5: 6aee58b63843a0d73a98a2922092de8a
- SHA1: abc6ac9a98360aa065f32e15d0a9293f8aa26e32
- SHA256: fff929c4f44411e0f8da272f8d1db4593b23acd3c52cf8958792aef9548b4623
- SHA512: ab93f97b94953edc7d051ffa48cf444d4f09af479746ad88b86907e50d8984919fa1fdef473b2cb73adcb23378c03a81a06eece1cf7b1d12a469c0eec943d20c
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1492 wrote to memory of 1500 | 1492 | rundll32.exe | rundll32.exe
PID 1492 wrote to memory of 1500 | 1492 | rundll32.exe | rundll32.exe
PID 1492 wrote to memory of 1500 | 1492 | rundll32.exe | rundll32.exe
PID 1492 wrote to memory of 1500 | 1492 | rundll32.exe | rundll32.exe
PID 1492 wrote to memory of 1500 | 1492 | rundll32.exe | rundll32.exe
PID 1492 wrote to memory of 1500 | 1492 | rundll32.exe | rundll32.exe
PID 1492 wrote to memory of 1500 | 1492 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fff929c4f44411e0f8da272f8d1db4593b23acd3c52cf8958792aef9548b4623.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fff929c4f44411e0f8da272f8d1db4593b23acd3c52cf8958792aef9548b4623.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1500-0-0x0000000000000000-mapping.dmp