Analysis
- max time kernel: 88s
- max time network: 112s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 10-11-2020 20:41
Static task
static1
Behavioral task
behavioral1
Sample
ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7.bin.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7.bin.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7.bin.dll
- Size: 152KB
- MD5: 91a56986866c5991969d52932c655d8b
- SHA1: dbe55a78b9fae7fe6441490a9e98a8b99bac68ee
- SHA256: ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7
- SHA512: c5843d3f5e329a92dfeb4f53c8240ce443927e54670762fff22a2b428debbe47316a7da33b3b37b837aba14b881c2fbc718dab7536323308817d315953a94044
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 424 wrote to memory of 672 | 424 | rundll32.exe | rundll32.exe
  PID 424 wrote to memory of 672 | 424 | rundll32.exe | rundll32.exe
  PID 424 wrote to memory of 672 | 424 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7.bin.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7.bin.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/672-0-0x0000000000000000-mapping.dmp