Analysis
max time kernel: 4s
max time network: 11s
platform: windows7_x64
resource: win7v20201028
submitted: 08-11-2020 18:04
Static task
static1
Behavioral task
behavioral1
Sample
1b2280c672a0c67cff768f8db2ac4e004a1fec372b005d87b1f1f1fa4429fb32.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target: 1b2280c672a0c67cff768f8db2ac4e004a1fec372b005d87b1f1f1fa4429fb32.dll
Size: 723KB
MD5: 4813c799f7b4fb4d0f2f152fe923e1a3
SHA1: 9945a97fe1e190ac51489cef4aa1f6e30dee2614
SHA256: 1b2280c672a0c67cff768f8db2ac4e004a1fec372b005d87b1f1f1fa4429fb32
SHA512: c2d01ba085602e19917dae32f6b9f50ded19083cf93b03651c1dfd01cb7b10423db40bd155d31b3010b3bdb5416b48f7a33e2afc3bfc9050a98dcf0dac73ca9e
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description | pid | process | target process
PID 1688 wrote to memory of 1868 | 1688 | rundll32.exe | rundll32.exe
PID 1688 wrote to memory of 1868 | 1688 | rundll32.exe | rundll32.exe
PID 1688 wrote to memory of 1868 | 1688 | rundll32.exe | rundll32.exe
PID 1688 wrote to memory of 1868 | 1688 | rundll32.exe | rundll32.exe
PID 1688 wrote to memory of 1868 | 1688 | rundll32.exe | rundll32.exe
PID 1688 wrote to memory of 1868 | 1688 | rundll32.exe | rundll32.exe
PID 1688 wrote to memory of 1868 | 1688 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b2280c672a0c67cff768f8db2ac4e004a1fec372b005d87b1f1f1fa4429fb32.dll,#1
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b2280c672a0c67cff768f8db2ac4e004a1fec372b005d87b1f1f1fa4429fb32.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
memory/1868-0-0x0000000000000000-mapping.dmp