Analysis
-
max time kernel
79s
-
max time network
135s
-
platform
windows10_x64
-
resource
win10v20201028
-
submitted
08-11-2020 17:51
Static task
static1
Behavioral task
behavioral1
Sample
1ccae70f99772c6deecc9d4a57a87acfadad589029cc5e58ec22c5cac3a15bcb.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
1ccae70f99772c6deecc9d4a57a87acfadad589029cc5e58ec22c5cac3a15bcb.dll
-
Size
726KB
-
MD5
ea5ced276db1d8a346019ab29b730a29
-
SHA1
8a903462b29af9d741ea2c23771bd4446799d3ba
-
SHA256
1ccae70f99772c6deecc9d4a57a87acfadad589029cc5e58ec22c5cac3a15bcb
-
SHA512
671f9951b29cc3623cb4fffc53993e4f12c5b06c4231561c29b67d8e623ebf37c17e0c97c1c70361e37b08f7bd76b47674ff096ef6ca9d4eb0049e70f5b3963e
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 540 wrote to memory of 3416 | 540 | rundll32.exe | rundll32.exe
PID 540 wrote to memory of 3416 | 540 | rundll32.exe | rundll32.exe
PID 540 wrote to memory of 3416 | 540 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ccae70f99772c6deecc9d4a57a87acfadad589029cc5e58ec22c5cac3a15bcb.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ccae70f99772c6deecc9d4a57a87acfadad589029cc5e58ec22c5cac3a15bcb.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3416-0-0x0000000000000000-mapping.dmp