Analysis
- max time kernel: 129s
- max time network: 142s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 08-11-2020 18:17
Static task
static1
Behavioral task
behavioral1
Sample
9bf06804f07800715d2d13705b412647973e621b9512005f0bdd6a553c25b4ba.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 9bf06804f07800715d2d13705b412647973e621b9512005f0bdd6a553c25b4ba.dll
- Size: 657KB
- MD5: c67c4abe4a8b185799329c4500b2b5a3
- SHA1: f380a8cdeb388bec7735ea7232c405e61f6f79f4
- SHA256: 9bf06804f07800715d2d13705b412647973e621b9512005f0bdd6a553c25b4ba
- SHA512: 064c2bc04a6ef7a1c8131d05b30e119097beea8c88ae83d750d06a2c9ab62c85ee27b22bba103b5c580a5f1b5a81fa8f657dab34d5f996d4bdbc7ebc187f8781
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4684 wrote to memory of 4744 | 4684 | rundll32.exe | rundll32.exe
PID 4684 wrote to memory of 4744 | 4684 | rundll32.exe | rundll32.exe
PID 4684 wrote to memory of 4744 | 4684 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bf06804f07800715d2d13705b412647973e621b9512005f0bdd6a553c25b4ba.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bf06804f07800715d2d13705b412647973e621b9512005f0bdd6a553c25b4ba.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4744-0-0x0000000000000000-mapping.dmp