Analysis

max time kernel: 146s
max time network: 123s
platform: windows7_x64
resource: win7v20201028
submitted: 09-11-2020 19:27

Static task: static1

Behavioral task: behavioral1
Sample: file.dll
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: file.dll
Resource: win10v20201028 (windows10_x64)
0 signatures, 0 seconds
General

Target: file.dll
Size: 164KB
MD5: 7d113ca1ae3f5d652e95a7235bb5f500
SHA1: ac1a058579d7fc2795b114e9f5b127d16c6cb8f2
SHA256: e98671b2d66ed8e660d8653d19773ca46706a43c3d489b947df1fd4b0cefce41
SHA512: 80bb2ca4475afe8d9ce35c38ab4c25358f07aea28f7d1c7034c64e4cb17614760cfd836869b5dc7bb5834b8075178e2831c5a1741698262910836d1d83659a18
Score: 6/10
Malware Config
Signatures
-
Enumerates connected drives (3 TTPs, 24 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
description              ioc      process
File opened (read-only)  \??\V:   rundll32.exe
File opened (read-only)  \??\X:   rundll32.exe
File opened (read-only)  \??\H:   rundll32.exe
File opened (read-only)  \??\J:   rundll32.exe
File opened (read-only)  \??\L:   rundll32.exe
File opened (read-only)  \??\N:   rundll32.exe
File opened (read-only)  \??\Q:   rundll32.exe
File opened (read-only)  \??\W:   rundll32.exe
File opened (read-only)  \??\Y:   rundll32.exe
File opened (read-only)  \??\Z:   rundll32.exe
File opened (read-only)  \??\B:   rundll32.exe
File opened (read-only)  \??\E:   rundll32.exe
File opened (read-only)  \??\M:   rundll32.exe
File opened (read-only)  \??\T:   rundll32.exe
File opened (read-only)  \??\U:   rundll32.exe
File opened (read-only)  \??\F:   rundll32.exe
File opened (read-only)  \??\S:   rundll32.exe
File opened (read-only)  \??\P:   rundll32.exe
File opened (read-only)  \??\R:   rundll32.exe
File opened (read-only)  \??\A:   rundll32.exe
File opened (read-only)  \??\G:   rundll32.exe
File opened (read-only)  \??\I:   rundll32.exe
File opened (read-only)  \??\K:   rundll32.exe
File opened (read-only)  \??\O:   rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                      pid  process       target process
PID 756 wrote to memory of 1796  756  rundll32.exe  rundll32.exe
(the same event is recorded 7 times)
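Added example, not part of the sandbox report or of the sandbox vendor's detection engine: a small Python re-implementation of the two behavioural heuristics recorded above, run over constructed event lines that mirror the IoC rows (24 read-only opens of drive roots by rundll32.exe, and seven writes from PID 756 into PID 1796). The event line format, the field names, the `min_drives` threshold and the extra control rows (a C: root, a normal file path under C:, and a self-write) are assumptions made for the example.

```python
"""Re-derive the two behavioural signatures above from raw sandbox events.

Added example; not the sandbox's own detection code. The line format,
the field names and the control rows are assumptions modelled on the
IoC tables in this report.
"""
import re
from collections import Counter, defaultdict

# Drive roots opened read-only by rundll32.exe, in the order the report lists them.
DRIVES_OPENED = "V X H J L N Q W Y Z B E M T U F S P R A G I K O".split()

# Constructed event lines (assumed format: kind key=value ...).
SAMPLE_EVENTS = (
    [f"file_open mode=ro pid=756 process=rundll32.exe path=\\??\\{d}:" for d in DRIVES_OPENED]
    # Control rows (constructed): the system drive root and an ordinary file
    # path on C: are normal access and must not count towards the signature.
    + ["file_open mode=ro pid=756 process=rundll32.exe path=\\??\\C:",
       "file_open mode=ro pid=756 process=rundll32.exe path=\\??\\C:\\Windows\\System32\\kernel32.dll"]
    # The seven cross-process writes from the report (PID 756 -> PID 1796).
    + ["write_mem pid=756 process=rundll32.exe target_pid=1796 target_process=rundll32.exe"] * 7
    # Control row (constructed): a process writing into itself is not flagged.
    + ["write_mem pid=756 process=rundll32.exe target_pid=756 target_process=rundll32.exe"]
)

# Matches an NT drive root such as \??\V: (optionally with a trailing backslash),
# but not a file path below it such as \??\C:\Windows\...
DRIVE_ROOT = re.compile(r"^\\\?\?\\([A-Za-z]):\\?$")


def parse_event(line):
    """Turn 'kind key=value ...' into a dict; purely numeric values become ints."""
    kind, *fields = line.split()
    event = {"kind": kind}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = int(value) if value.isdigit() else value
    return event


def drive_enumeration(lines, exclude=("C",), min_drives=3):
    """Signature 'Enumerates connected drives': per (pid, process), the sorted set of
    drive roots opened read-only other than the excluded system drive. Only writers
    that touched at least min_drives distinct roots are returned (threshold assumed)."""
    roots = defaultdict(set)
    for event in map(parse_event, lines):
        if event["kind"] != "file_open" or event.get("mode") != "ro":
            continue
        match = DRIVE_ROOT.match(event["path"])
        if match and match.group(1).upper() not in exclude:
            roots[(event["pid"], event["process"])].add(match.group(1).upper())
    return {who: sorted(letters) for who, letters in roots.items() if len(letters) >= min_drives}


def cross_process_writes(lines):
    """Signature 'Suspicious use of WriteProcessMemory': memory writes whose target
    PID differs from the writer's PID, counted per (pid, process, target_pid, target_process)."""
    hits = Counter()
    for event in map(parse_event, lines):
        if event["kind"] == "write_mem" and event["pid"] != event["target_pid"]:
            hits[(event["pid"], event["process"], event["target_pid"], event["target_process"])] += 1
    return hits


def triggered_signatures(lines):
    """Reproduce the report's signature rows as (name, IoC count) pairs."""
    rows = []
    drives = drive_enumeration(lines)
    if drives:
        rows.append(("Enumerates connected drives", sum(len(v) for v in drives.values())))
    writes = cross_process_writes(lines)
    if writes:
        rows.append(("Suspicious use of WriteProcessMemory", sum(writes.values())))
    return rows


if __name__ == "__main__":
    for name, count in triggered_signatures(SAMPLE_EVENTS):
        print(f"{name}: {count} IoCs")
```

Run stand-alone it reproduces the two rows of the Signatures section (24 and 7 IoCs). The drive heuristic keys on the NT root path alone, so opening a file below a drive root is not counted, and the memory-write heuristic ignores a process writing into its own address space; both writer and target here are rundll32.exe instances, which is why the report keys the event on PIDs rather than image names.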
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1796-0-0x0000000000000000-mapping.dmp