Analysis
max time kernel: 12s
max time network: 110s
platform: windows10_x64
resource: win10v20201028
submitted: 08-11-2020 17:57
Static task: static1
Behavioral task: behavioral1
Sample: e02d049354d32611057d3616a86d780eeb926d978946be314b9572fd60e4b0df.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
Target: e02d049354d32611057d3616a86d780eeb926d978946be314b9572fd60e4b0df.dll
Size: 686KB
MD5: 0c4f09b9966eea989bec74539b49d44c
SHA1: 732c9675363859e9a55f5270ae6e5be624cfbf0d
SHA256: e02d049354d32611057d3616a86d780eeb926d978946be314b9572fd60e4b0df
SHA512: 254f8ef153cfb78f8f3ac3000ffbd9c6ec488994383be0b589e9778448f6118d997589b61a29f86338b0545480ea9c4dce7c4022662461fdbe161796df92d0f2
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                       pid   process       target process
PID 3636 wrote to memory of 1036  3636  rundll32.exe  rundll32.exe
PID 3636 wrote to memory of 1036  3636  rundll32.exe  rundll32.exe
PID 3636 wrote to memory of 1036  3636  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e02d049354d32611057d3616a86d780eeb926d978946be314b9572fd60e4b0df.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e02d049354d32611057d3616a86d780eeb926d978946be314b9572fd60e4b0df.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
memory/1036-0-0x0000000000000000-mapping.dmp