Analysis
- max time kernel: 3s
- max time network: 12s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 06-11-2020 11:30
Behavioral task
behavioral1
Sample
0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a.dll
Resource
win10v20201028
0 signatures
0 seconds
General
- Target: 0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a.dll
- Size: 354KB
- MD5: 4984d8b44e60501d23606a4ffcd6547c
- SHA1: bb9d88cadeeb6f3be85f66ae00d3e81ba803bf70
- SHA256: 0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a
- SHA512: 2c5667c19b79565ad66bd0bd1e61a67a0f522fec175eb20834928ed44710f5efdb356dfb472cc850c8b1a4f46f508b424c23b8c0261766c39a08f91b5b380969
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  description                        pid   process       target process
  PID 1900 wrote to memory of 1344   1900  rundll32.exe  rundll32.exe
  PID 1900 wrote to memory of 1344   1900  rundll32.exe  rundll32.exe
  PID 1900 wrote to memory of 1344   1900  rundll32.exe  rundll32.exe
  PID 1900 wrote to memory of 1344   1900  rundll32.exe  rundll32.exe
  PID 1900 wrote to memory of 1344   1900  rundll32.exe  rundll32.exe
  PID 1900 wrote to memory of 1344   1900  rundll32.exe  rundll32.exe
  PID 1900 wrote to memory of 1344   1900  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1344-0-0x0000000000000000-mapping.dmp