Analysis
- max time kernel: 109s
- max time network: 113s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 12-11-2020 14:42
Static task: static1
Behavioral task: behavioral1
- Sample: 4649221068ea794a26b14eb024f108690976c78b6c79ca3cab32aec5c006202c.dll
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 4649221068ea794a26b14eb024f108690976c78b6c79ca3cab32aec5c006202c.dll
- Resource: win10v20201028 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: 4649221068ea794a26b14eb024f108690976c78b6c79ca3cab32aec5c006202c.dll
- Size: 207KB
- MD5: ee03b27a68df31d5ce5d48b12fa5e8ab
- SHA1: 91d9fb71fd3e0864be41b44dc91f35e9edc2d9fe
- SHA256: 4649221068ea794a26b14eb024f108690976c78b6c79ca3cab32aec5c006202c
- SHA512: a393f329a92b464cf81280525e781f543ec9730bbe9980782e97b26fc474157022205dd59e9b20aa38934e762312b11c72b9c200cffbba9d2c0438fa36d0a0fd
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1916 wrote to memory of 1144 | 1916 | rundll32.exe | rundll32.exe (row listed 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4649221068ea794a26b14eb024f108690976c78b6c79ca3cab32aec5c006202c.dll,#11
  Suspicious use of WriteProcessMemory
  PID:1916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4649221068ea794a26b14eb024f108690976c78b6c79ca3cab32aec5c006202c.dll,#12
  PID:1144
Network
MITRE ATT&CK Matrix
Downloads
- memory/1144-0-0x0000000000000000-mapping.dmp