Analysis
max time kernel: 12s
max time network: 118s
platform: windows10_x64
resource: win10v20201028
submitted: 08-11-2020 18:01
Static task
static1
Behavioral task
behavioral1
Sample
235997a730c082f9f59860516ea46aaed71fd3e8227f7b2471abdf80e0971972.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target: 235997a730c082f9f59860516ea46aaed71fd3e8227f7b2471abdf80e0971972.dll
Size: 714KB
MD5: aaa4edfe011c8d2cdbb02bbb31282bc6
SHA1: b1adf2f2d46df98bc604aa54d9443a9479abd065
SHA256: 235997a730c082f9f59860516ea46aaed71fd3e8227f7b2471abdf80e0971972
SHA512: 3f1a5f729dbade826fc7aa246d5393b7560ae0ab1aa1a175e01d777da6838c609f5e4e6c730198acb7059426bfaa11e128208ed921392481fc2488dc03aefc48
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 984 wrote to memory of 3984 | 984 | rundll32.exe | rundll32.exe
PID 984 wrote to memory of 3984 | 984 | rundll32.exe | rundll32.exe
PID 984 wrote to memory of 3984 | 984 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\235997a730c082f9f59860516ea46aaed71fd3e8227f7b2471abdf80e0971972.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\235997a730c082f9f59860516ea46aaed71fd3e8227f7b2471abdf80e0971972.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
memory/3984-0-0x0000000000000000-mapping.dmp