Analysis
- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 08-11-2020 17:55
Static task: static1
Behavioral task: behavioral1
Sample: 9def52727eff7de38a787a44668f9e612012bb7f31c1d3a741aa974d8b95e954.dll
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
General
- Target: 9def52727eff7de38a787a44668f9e612012bb7f31c1d3a741aa974d8b95e954.dll
- Size: 731KB
- MD5: fe5e7f1264638681422ae9c210d95e58
- SHA1: 2d925ac39857430fcb5f160fd442dc5546dcbfe1
- SHA256: 9def52727eff7de38a787a44668f9e612012bb7f31c1d3a741aa974d8b95e954
- SHA512: cd70e420390a3e5d218d457386d0dc34f63ad0863eabcfe7c7e2f110f71f60a6f64e8fa50355e8176a62c0f2c10b7b1bba398c9c7647223a12aa7e9ee4c62b33
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description: PID 240 wrote to memory of 1100; pid: 240; process: rundll32.exe; target process: rundll32.exe (this entry is listed 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9def52727eff7de38a787a44668f9e612012bb7f31c1d3a741aa974d8b95e954.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9def52727eff7de38a787a44668f9e612012bb7f31c1d3a741aa974d8b95e954.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1100-0-0x0000000000000000-mapping.dmp