Analysis
-
max time kernel
13s -
max time network
112s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
08-11-2020 18:16
Static task
static1
Behavioral task
behavioral1
Sample
74f232a26f6e37efbb5f0351ef14a27d1af361ee6298c2fa620a63fd234bd778.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
74f232a26f6e37efbb5f0351ef14a27d1af361ee6298c2fa620a63fd234bd778.dll
-
Size
717KB
-
MD5
5e65023483f8a203a9a36d5cfea2e687
-
SHA1
20e17b00e5560db460f99d2dc3652a7a6a00cc41
-
SHA256
74f232a26f6e37efbb5f0351ef14a27d1af361ee6298c2fa620a63fd234bd778
-
SHA512
32d606b6926cf76eded84863c6dc8a7a56b1d07f04446fb55f3591f0e2ee97df1c41693366daddfade710b3062bedd456746ea75ccd4e5cd9bb9d221b36ac4c8
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3272 wrote to memory of 1124 | 3272 | rundll32.exe | rundll32.exe
PID 3272 wrote to memory of 1124 | 3272 | rundll32.exe | rundll32.exe
PID 3272 wrote to memory of 1124 | 3272 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\74f232a26f6e37efbb5f0351ef14a27d1af361ee6298c2fa620a63fd234bd778.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\74f232a26f6e37efbb5f0351ef14a27d1af361ee6298c2fa620a63fd234bd778.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1124-0-0x0000000000000000-mapping.dmp