Analysis
- max time kernel: 135s
- max time network: 137s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 08-11-2020 17:57
Static task
static1
Behavioral task
behavioral1
Sample
16810cedf2031347d3fcab9965892e07c9705237f3b43bbce520cc6a44d58756.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 16810cedf2031347d3fcab9965892e07c9705237f3b43bbce520cc6a44d58756.dll
- Size: 734KB
- MD5: c0273044f0f16afa626bf0155c8edafc
- SHA1: 1d22144caeec532b6cc3d02ecfe504a5b937b189
- SHA256: 16810cedf2031347d3fcab9965892e07c9705237f3b43bbce520cc6a44d58756
- SHA512: 8028322e912eebd816aa76ca30a6635bd47cd6a63c2e11847fd0619a6b2290765d66ad3aaa97f449bb70eac0ef2df7e6d75d1f4b3ab10ab69d1b7011b02db7e1
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 492 wrote to memory of 908 | 492 | rundll32.exe | rundll32.exe
PID 492 wrote to memory of 908 | 492 | rundll32.exe | rundll32.exe
PID 492 wrote to memory of 908 | 492 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16810cedf2031347d3fcab9965892e07c9705237f3b43bbce520cc6a44d58756.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16810cedf2031347d3fcab9965892e07c9705237f3b43bbce520cc6a44d58756.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/908-0-0x0000000000000000-mapping.dmp