Analysis
- max time kernel: 13s
- max time network: 117s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 08-11-2020 18:16
Static task
static1
Behavioral task
behavioral1
Sample
5f787fe2b630dd9239ac685d11c9685aa719bb48c12e80813eb6063de89b1f1c.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 5f787fe2b630dd9239ac685d11c9685aa719bb48c12e80813eb6063de89b1f1c.dll
- Size: 715KB
- MD5: 72e06136c6902f4e656627caa4831970
- SHA1: 51eb1d9b2cfb013b5579cf67180c6d9810ee920d
- SHA256: 5f787fe2b630dd9239ac685d11c9685aa719bb48c12e80813eb6063de89b1f1c
- SHA512: c68beca929aa67e453e8e3541e5a66f55258e1ccb564c875176bbb6b7b303815b9571d78587a08299e2e778b50ebfb9e4a571b4493fb66f9b2c469369d2bb392
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

Processes: rundll32.exe

| Description | PID | Process | Target process |
| --- | --- | --- | --- |
| PID 4764 wrote to memory of 4860 | 4764 | rundll32.exe | rundll32.exe |
| PID 4764 wrote to memory of 4860 | 4764 | rundll32.exe | rundll32.exe |
| PID 4764 wrote to memory of 4860 | 4764 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f787fe2b630dd9239ac685d11c9685aa719bb48c12e80813eb6063de89b1f1c.dll,#11
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f787fe2b630dd9239ac685d11c9685aa719bb48c12e80813eb6063de89b1f1c.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/4860-0-0x0000000000000000-mapping.dmp