Analysis
- max time kernel: 135s
- max time network: 137s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 12-11-2020 13:58
Static task: static1
Behavioral task: behavioral1
- Sample: f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll
- Resource: win7v20201028, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll
- Resource: win10v20201028, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll
- Size: 207KB
- MD5: 9f02bd144161a53608d3b6c0e493e6f1
- SHA1: df3177d4830eeb1fa5d89e1264dc299a01f617ba
- SHA256: f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a
- SHA512: 047fc9d96d3b70b7c5e83a0e110636cf68117d460c7ff896bf065ed211d2fdb0833b6a350e8f9fc69825a8889dce1224ce944c51e5cc2722c15e3189b4447403
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                       pid   process       target process
PID 1704 wrote to memory of 1904  1704  rundll32.exe  rundll32.exe
PID 1704 wrote to memory of 1904  1704  rundll32.exe  rundll32.exe
PID 1704 wrote to memory of 1904  1704  rundll32.exe  rundll32.exe
PID 1704 wrote to memory of 1904  1704  rundll32.exe  rundll32.exe
PID 1704 wrote to memory of 1904  1704  rundll32.exe  rundll32.exe
PID 1704 wrote to memory of 1904  1704  rundll32.exe  rundll32.exe
PID 1704 wrote to memory of 1904  1704  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll,#1
  PID: 1704
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll,#1
    PID: 1904
Network
MITRE ATT&CK Matrix
Downloads
- memory/1904-0-0x0000000000000000-mapping.dmp