Analysis
- max time kernel: 12s
- max time network: 110s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 08-11-2020 18:14
Static task: static1
Behavioral task: behavioral1
- Sample: 3b43d8171dea4c2dc9a9c25ddc3f3dad60a38d93a542921025b2651f677817da.dll
- Resource: win7v20201028
- windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 3b43d8171dea4c2dc9a9c25ddc3f3dad60a38d93a542921025b2651f677817da.dll
- Size: 901KB
- MD5: 6885e2c5bf5cfc0f8aa52b7cb9cbb912
- SHA1: 837e0a0b0613ea6cfc65e3ce648b48a72397662d
- SHA256: 3b43d8171dea4c2dc9a9c25ddc3f3dad60a38d93a542921025b2651f677817da
- SHA512: ce164db185fec2bd375a873b388875f82fac5f10c5abc8158c48f0221c167f5242b03af09213c767f2cf7ef16a2a0e56f9b02c84c0278c135b9d98d31fa9546d
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 912 wrote to memory of 1072 | 912 | rundll32.exe | rundll32.exe
  PID 912 wrote to memory of 1072 | 912 | rundll32.exe | rundll32.exe
  PID 912 wrote to memory of 1072 | 912 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b43d8171dea4c2dc9a9c25ddc3f3dad60a38d93a542921025b2651f677817da.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b43d8171dea4c2dc9a9c25ddc3f3dad60a38d93a542921025b2651f677817da.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1072-0-0x0000000000000000-mapping.dmp