Analysis
- max time kernel: 147s
- max time network: 154s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 11-11-2020 10:52
Static task: static1
Behavioral task: behavioral1
- Sample: b2df553524d43cac84ff52a2744368674a4a231417585388548b6b9dc4b70c44.dll
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: b2df553524d43cac84ff52a2744368674a4a231417585388548b6b9dc4b70c44.dll
- Resource: win10v20201028 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: b2df553524d43cac84ff52a2744368674a4a231417585388548b6b9dc4b70c44.dll
- Size: 207KB
- MD5: 288fb9e8fb95fc6fb14dff10d2fd978f
- SHA1: 183fa31952edc6e9b3cbeef9d9dfbb290f1ecbe9
- SHA256: b2df553524d43cac84ff52a2744368674a4a231417585388548b6b9dc4b70c44
- SHA512: 2491821f98cb68e6b7dbab3c3c84ce477452a157f0f03e8b0d0af27c7194013d80e8b130d431a26370f4a6fd99e8d3a2c70e1dc4e467cbade909b5e80e13989e
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 648 wrote to memory of 500 | 648 | rundll32.exe | rundll32.exe
PID 648 wrote to memory of 500 | 648 | rundll32.exe | rundll32.exe
PID 648 wrote to memory of 500 | 648 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2df553524d43cac84ff52a2744368674a4a231417585388548b6b9dc4b70c44.dll,#11
  - Suspicious use of WriteProcessMemory
  - PID: 648
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2df553524d43cac84ff52a2744368674a4a231417585388548b6b9dc4b70c44.dll,#12
    - PID: 500
Network
MITRE ATT&CK Matrix
Downloads
- memory/500-0-0x0000000000000000-mapping.dmp