Analysis
- max time kernel: 145s
- max time network: 147s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 08-11-2020 18:16
Static task: static1
Behavioral task: behavioral1
Sample: 9096b6721d66f813803f85071233ab8f62dc97621d334b7b300245ed4a82e719.dll
Resource: win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 9096b6721d66f813803f85071233ab8f62dc97621d334b7b300245ed4a82e719.dll
- Size: 714KB
- MD5: e7fbf674d71e6360b7b46105fa8aa346
- SHA1: dc78d049dd87ae8b15c8f2895def2c815ddc7fca
- SHA256: 9096b6721d66f813803f85071233ab8f62dc97621d334b7b300245ed4a82e719
- SHA512: 2b391d43cf42678691da55882febad18998dcad43863acfdb832447bfdc0e13708961fedaaab00c217c2c7283e5f9a67f0649b7b2085eab9cd032ca1b6a756ab
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 288 wrote to memory of 1612 | 288 | rundll32.exe | rundll32.exe
PID 288 wrote to memory of 1612 | 288 | rundll32.exe | rundll32.exe
PID 288 wrote to memory of 1612 | 288 | rundll32.exe | rundll32.exe
PID 288 wrote to memory of 1612 | 288 | rundll32.exe | rundll32.exe
PID 288 wrote to memory of 1612 | 288 | rundll32.exe | rundll32.exe
PID 288 wrote to memory of 1612 | 288 | rundll32.exe | rundll32.exe
PID 288 wrote to memory of 1612 | 288 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9096b6721d66f813803f85071233ab8f62dc97621d334b7b300245ed4a82e719.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9096b6721d66f813803f85071233ab8f62dc97621d334b7b300245ed4a82e719.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1612-0-0x0000000000000000-mapping.dmp