Analysis
- max time kernel: 17s
- max time network: 71s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 12-11-2020 13:50
Static task: static1
Behavioral task: behavioral1
- Sample: 0b57ef77e909553949381757c455fea136ae32a47f67e7a08934ac725f4998d4.dll
- Resource: win7v20201028, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 0b57ef77e909553949381757c455fea136ae32a47f67e7a08934ac725f4998d4.dll
- Resource: win10v20201028, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: 0b57ef77e909553949381757c455fea136ae32a47f67e7a08934ac725f4998d4.dll
- Size: 207KB
- MD5: c283268492875eabfcefdd1965d76c5d
- SHA1: 6e11837a1783db389d369ebd0f03a3f4cc441cd3
- SHA256: 0b57ef77e909553949381757c455fea136ae32a47f67e7a08934ac725f4998d4
- SHA512: 6846821c139c86b7479a4ccfcff699ac3b4acefe4ef8bc03d23ae0eedc52aaffe9969cfc4feaf3c85b04287c878828316b6ffb95c10bd0415ccc4d639d17424d
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 884 wrote to memory of 748 | 884 | rundll32.exe | rundll32.exe |
| PID 884 wrote to memory of 748 | 884 | rundll32.exe | rundll32.exe |
| PID 884 wrote to memory of 748 | 884 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b57ef77e909553949381757c455fea136ae32a47f67e7a08934ac725f4998d4.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b57ef77e909553949381757c455fea136ae32a47f67e7a08934ac725f4998d4.dll,#12
  PID: 748
Network
MITRE ATT&CK Matrix
Downloads
- memory/748-0-0x0000000000000000-mapping.dmp