Analysis
- max time kernel: 9s
- max time network: 102s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 11-11-2020 11:11
Static task: static1
Behavioral task: behavioral1
- Sample: 9bdedc4afffcd22172ad595c92b523ba264010731bc5a9e7692f7944f1e871fa.dll
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 9bdedc4afffcd22172ad595c92b523ba264010731bc5a9e7692f7944f1e871fa.dll
- Resource: win10v20201028 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: 9bdedc4afffcd22172ad595c92b523ba264010731bc5a9e7692f7944f1e871fa.dll
- Size: 207KB
- MD5: cc5280898b6da56deb382f8153f56749
- SHA1: 60d5f5c92bd9d055b09f1f41f7417339d02ca649
- SHA256: 9bdedc4afffcd22172ad595c92b523ba264010731bc5a9e7692f7944f1e871fa
- SHA512: 47801481e78465ebb95a91b1a5aede5aaa771425606cb26da368893e9921e18bbd949e7ab576096042a059d2a334e95fb40b072b78d97c52077e579326408a33
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4796 wrote to memory of 4816 | 4796 | rundll32.exe | rundll32.exe
PID 4796 wrote to memory of 4816 | 4796 | rundll32.exe | rundll32.exe
PID 4796 wrote to memory of 4816 | 4796 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bdedc4afffcd22172ad595c92b523ba264010731bc5a9e7692f7944f1e871fa.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bdedc4afffcd22172ad595c92b523ba264010731bc5a9e7692f7944f1e871fa.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/4816-0-0x0000000000000000-mapping.dmp