Analysis
max time kernel: 145s
max time network: 146s
platform: windows10_x64
resource: win10v20201028
submitted: 10-11-2020 07:28
Static task: static1

Behavioral task: behavioral1
Sample: a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9.dll
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9.dll
Resource: win10v20201028 (windows10_x64)
0 signatures, 0 seconds

General
Target: a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9.dll
Size: 207KB
MD5: 9ccfa0e7d6b52e7284c543bdc3930a99
SHA1: 2f31b4fe64966c981c6d38bfbf41f1500d5c9864
SHA256: a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9
SHA512: 648d3b234fa7aab8105ad8c9647af028e304569b9d2abc7a1b2d7fb44bab9b77a09e32b2b5e3aa85a22502eeb0b1fb2116231b368c87353fc9d90589a1025da8
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 640 wrote to memory of 356 | 640 | rundll32.exe | rundll32.exe
PID 640 wrote to memory of 356 | 640 | rundll32.exe | rundll32.exe
PID 640 wrote to memory of 356 | 640 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9.dll,#11
  PID: 640
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9.dll,#12
    PID: 356
Network
MITRE ATT&CK Matrix
Downloads
memory/356-0-0x0000000000000000-mapping.dmp