Analysis
-
max time kernel
60s -
max time network
120s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
11-11-2020 11:09
Static task
static1
Behavioral task
behavioral1
Sample
d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4.dll
-
Size
207KB
-
MD5
c8b50ca983b80b94c80a2257c36147d3
-
SHA1
48e7150a0f125cf3cd4ff3e0978c0460815acb5c
-
SHA256
d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4
-
SHA512
edc4ca08df47aa9c8e10c642777a43d4ec7a8e356eb1dce8c1c598d53d03bf634ea35785cc8f9ef5cfa353db488d593bc2c1a972f1968ea6c30408e3d6ab16e8
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 3004 wrote to memory of 3572 3004 rundll32.exe rundll32.exe PID 3004 wrote to memory of 3572 3004 rundll32.exe rundll32.exe PID 3004 wrote to memory of 3572 3004 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3004 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4.dll,#12⤵PID:3572
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3572-0-0x0000000000000000-mapping.dmp