Analysis
- max time kernel: 13s
- max time network: 111s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 11-11-2020 11:42
Static task: static1

Behavioral task: behavioral1
- Sample: 3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd.dll
- Resource: win7v20201028, windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd.dll
- Resource: win10v20201028, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: 3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd.dll
- Size: 204KB
- MD5: dc58b330aa8afb586ad52b604b8379c3
- SHA1: b4092d8000862ea1e8e2cb1082ee7cac32c53640
- SHA256: 3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd
- SHA512: 12e558bf2726a07bbafb22215183372dd6d3167ba1b32f9c51291daca1215144dcda11fdbdac2af8b99ed90455ee63179a1c420d8940f36672519d3e8510d90c

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 944 wrote to memory of 1464 | 944 | rundll32.exe | rundll32.exe |
| PID 944 wrote to memory of 1464 | 944 | rundll32.exe | rundll32.exe |
| PID 944 wrote to memory of 1464 | 944 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 944
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd.dll,#1
    PID: 1464
Network
MITRE ATT&CK Matrix
Downloads
- memory/1464-0-0x0000000000000000-mapping.dmp