Analysis
- max time kernel: 126s
- max time network: 125s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 08-11-2020 17:58
Static task: static1
Behavioral task: behavioral1
Sample: 84e808c344c3372813b7e40a7e6c35da08f21ceaf7bd6520cc86697e39ca5b21.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
- Target: 84e808c344c3372813b7e40a7e6c35da08f21ceaf7bd6520cc86697e39ca5b21.dll
- Size: 678KB
- MD5: f257dfff7e798c1d87e8be2aa68f1885
- SHA1: 5026ef7b538a320cdffdb734638769172a95dd30
- SHA256: 84e808c344c3372813b7e40a7e6c35da08f21ceaf7bd6520cc86697e39ca5b21
- SHA512: 6a119a97316c4303d9915fc63b04ff035834af55f5928bd5c8a085522b55ff8eb217f0d90b0219a2110b964e5f0cc1d256d0f99ea63c28b5a38464b54be95820
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1664 wrote to memory of 2032 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 2032 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 2032 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 2032 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 2032 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 2032 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 2032 | 1664 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\84e808c344c3372813b7e40a7e6c35da08f21ceaf7bd6520cc86697e39ca5b21.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\84e808c344c3372813b7e40a7e6c35da08f21ceaf7bd6520cc86697e39ca5b21.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/2032-0-0x0000000000000000-mapping.dmp