Analysis
max time kernel: 3s
max time network: 11s
platform: windows7_x64
resource: win7v20201028
submitted: 08-11-2020 18:09
Static task
static1
Behavioral task
behavioral1
Sample
b7d83dd34fcb48d543d7dbc5cef52b040609dbf831754ec3318e2c6197b20c62.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target: b7d83dd34fcb48d543d7dbc5cef52b040609dbf831754ec3318e2c6197b20c62.dll
Size: 729KB
MD5: eb13bd884b6f3b2f3968c1ade3357605
SHA1: f5cfe567e9020cd15357b0e8cc9517d4cd09f20e
SHA256: b7d83dd34fcb48d543d7dbc5cef52b040609dbf831754ec3318e2c6197b20c62
SHA512: 6846b07eaaa0a0a134b0e80c42f84abb1ec89d947622e177d8ca82ce328a768ce50c5c2dfc0b46c8d117ffa66d7d0e2a6c6761abaa052d1259fc7370b7cc11e6
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 292 wrote to memory of 484 | 292 | rundll32.exe | rundll32.exe
PID 292 wrote to memory of 484 | 292 | rundll32.exe | rundll32.exe
PID 292 wrote to memory of 484 | 292 | rundll32.exe | rundll32.exe
PID 292 wrote to memory of 484 | 292 | rundll32.exe | rundll32.exe
PID 292 wrote to memory of 484 | 292 | rundll32.exe | rundll32.exe
PID 292 wrote to memory of 484 | 292 | rundll32.exe | rundll32.exe
PID 292 wrote to memory of 484 | 292 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7d83dd34fcb48d543d7dbc5cef52b040609dbf831754ec3318e2c6197b20c62.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7d83dd34fcb48d543d7dbc5cef52b040609dbf831754ec3318e2c6197b20c62.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
memory/484-0-0x0000000000000000-mapping.dmp