Analysis
max time kernel: 108s
max time network: 112s
platform: windows10_x64
resource: win10v20201028
submitted: 08-11-2020 17:54
Static task: static1
Behavioral task: behavioral1
Sample: 448586be99ca4baf11c39f0c49e126c5b05c001c540037d8937a3e2f19c96e5a.dll
Resource: win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target: 448586be99ca4baf11c39f0c49e126c5b05c001c540037d8937a3e2f19c96e5a.dll
Size: 687KB
MD5: 051056df506db15878cc5b08aa7967d2
SHA1: 3bc514d56a33faea8b560bb5e722d115f5c59a41
SHA256: 448586be99ca4baf11c39f0c49e126c5b05c001c540037d8937a3e2f19c96e5a
SHA512: 4a1ab7ac692a8a2ff9a6630b46fb0d74dd34fe85d3141a1fb50701cd2ced9e4dd1f3df18d5d53b4851965209909dda891d83c7e2ccded7702457dd98829e0c33
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                       pid   process       target process
PID 3980 wrote to memory of 3160  3980  rundll32.exe  rundll32.exe
PID 3980 wrote to memory of 3160  3980  rundll32.exe  rundll32.exe
PID 3980 wrote to memory of 3160  3980  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\448586be99ca4baf11c39f0c49e126c5b05c001c540037d8937a3e2f19c96e5a.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\448586be99ca4baf11c39f0c49e126c5b05c001c540037d8937a3e2f19c96e5a.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
memory/3160-0-0x0000000000000000-mapping.dmp