Analysis
- max time kernel: 91s
- max time network: 149s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 08-11-2020 18:16
Static task
static1
Behavioral task
behavioral1
Sample
6e7ff6982eb0b7de99d80aebc8c9b8517440a327c7f52cb95528c75d36b8e573.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 6e7ff6982eb0b7de99d80aebc8c9b8517440a327c7f52cb95528c75d36b8e573.dll
- Size: 726KB
- MD5: 17493ee156bc46aa910df941242c08a5
- SHA1: b72504a9c347760871aaf450159893cfe7bd6761
- SHA256: 6e7ff6982eb0b7de99d80aebc8c9b8517440a327c7f52cb95528c75d36b8e573
- SHA512: e18f96740d3b20da13151cb57d0e0bcb8c287fccae036ee4146458c48a6dfa5e85a2e2a82df77cc2d1332c77b5fcb060fd0312aa74cd941e071dd0e7b0a7dca2
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 492 wrote to memory of 1360 | 492 | rundll32.exe | rundll32.exe
PID 492 wrote to memory of 1360 | 492 | rundll32.exe | rundll32.exe
PID 492 wrote to memory of 1360 | 492 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e7ff6982eb0b7de99d80aebc8c9b8517440a327c7f52cb95528c75d36b8e573.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e7ff6982eb0b7de99d80aebc8c9b8517440a327c7f52cb95528c75d36b8e573.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1360-0-0x0000000000000000-mapping.dmp