Analysis
- max time kernel: 145s
- max time network: 152s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 08-11-2020 18:02
Static task
static1
Behavioral task
behavioral1
Sample
e0709c18168ad1f3e8bb3248a72cf8c60afabd21840386487adbef123a5d6deb.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: e0709c18168ad1f3e8bb3248a72cf8c60afabd21840386487adbef123a5d6deb.dll
- Size: 688KB
- MD5: d21daa8e220953b38a63dcf97fd283f5
- SHA1: 8965273c2d3d7157a731086ee61a3ae6166f2dc5
- SHA256: e0709c18168ad1f3e8bb3248a72cf8c60afabd21840386487adbef123a5d6deb
- SHA512: 7dc696af0dcbcb946135c99f5b9910c789e8a512ce2303317fd257e00c1f81d67b693c1a948c1efa462a4fb8375c0da9009ebffb6bfd86cb48726725d2994ef0
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description                        pid    process        target process
  PID 1396 wrote to memory of 1688   1396   rundll32.exe   rundll32.exe
  PID 1396 wrote to memory of 1688   1396   rundll32.exe   rundll32.exe
  PID 1396 wrote to memory of 1688   1396   rundll32.exe   rundll32.exe
  PID 1396 wrote to memory of 1688   1396   rundll32.exe   rundll32.exe
  PID 1396 wrote to memory of 1688   1396   rundll32.exe   rundll32.exe
  PID 1396 wrote to memory of 1688   1396   rundll32.exe   rundll32.exe
  PID 1396 wrote to memory of 1688   1396   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e0709c18168ad1f3e8bb3248a72cf8c60afabd21840386487adbef123a5d6deb.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e0709c18168ad1f3e8bb3248a72cf8c60afabd21840386487adbef123a5d6deb.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1688-0-0x0000000000000000-mapping.dmp