Analysis
- max time kernel: 10s
- max time network: 113s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 12-11-2020 13:58
Static task: static1
Behavioral task: behavioral1
- Sample: f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll
- Resource: win7v20201028 windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll
- Resource: win10v20201028 windows10_x64
- 0 signatures
- 0 seconds
General
- Target: f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll
- Size: 207KB
- MD5: 9f02bd144161a53608d3b6c0e493e6f1
- SHA1: df3177d4830eeb1fa5d89e1264dc299a01f617ba
- SHA256: f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a
- SHA512: 047fc9d96d3b70b7c5e83a0e110636cf68117d460c7ff896bf065ed211d2fdb0833b6a350e8f9fc69825a8889dce1224ce944c51e5cc2722c15e3189b4447403
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory: 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3988 wrote to memory of 3600 | 3988 | rundll32.exe | rundll32.exe
PID 3988 wrote to memory of 3600 | 3988 | rundll32.exe | rundll32.exe
PID 3988 wrote to memory of 3600 | 3988 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  - PID:3988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll,#12⤵
  - PID:3600
Network
MITRE ATT&CK Matrix
Downloads
- memory/3600-0-0x0000000000000000-mapping.dmp