Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 08-11-2020 18:06
Static task
static1
Behavioral task
behavioral1
Sample
05fceb5c5153af91cb5af88fa34cbc1c82aa2cd1da4582271699a543035a0b26.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 05fceb5c5153af91cb5af88fa34cbc1c82aa2cd1da4582271699a543035a0b26.dll
- Size: 672KB
- MD5: 0eff3685df878d82b52e6c1cceb19753
- SHA1: f79a28a640f220ba1fdf5ed358ede00062b776f3
- SHA256: 05fceb5c5153af91cb5af88fa34cbc1c82aa2cd1da4582271699a543035a0b26
- SHA512: f36fb342053cfe0e0659ffedbff0843ef8600c8f8b6fb6b617b8709e65db3fb17f20ee9ac93fd229a8f9d1e223fda34e2241fb74e6f8992fde92d92849617a9c
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1056 wrote to memory of 1920 | 1056 | rundll32.exe | rundll32.exe |
| PID 1056 wrote to memory of 1920 | 1056 | rundll32.exe | rundll32.exe |
| PID 1056 wrote to memory of 1920 | 1056 | rundll32.exe | rundll32.exe |
| PID 1056 wrote to memory of 1920 | 1056 | rundll32.exe | rundll32.exe |
| PID 1056 wrote to memory of 1920 | 1056 | rundll32.exe | rundll32.exe |
| PID 1056 wrote to memory of 1920 | 1056 | rundll32.exe | rundll32.exe |
| PID 1056 wrote to memory of 1920 | 1056 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05fceb5c5153af91cb5af88fa34cbc1c82aa2cd1da4582271699a543035a0b26.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05fceb5c5153af91cb5af88fa34cbc1c82aa2cd1da4582271699a543035a0b26.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1920-0-0x0000000000000000-mapping.dmp