Analysis
- max time kernel: 4s
- max time network: 9s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 12-11-2020 13:51
Static task: static1

Behavioral task: behavioral1
Sample: 7ef6871c88e5621779755d36face911e514f2ccd300cd95ddd7b2346df6374f2.dll
Resource: win7v20201028 windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 7ef6871c88e5621779755d36face911e514f2ccd300cd95ddd7b2346df6374f2.dll
Resource: win10v20201028 windows10_x64
0 signatures
0 seconds
General
- Target: 7ef6871c88e5621779755d36face911e514f2ccd300cd95ddd7b2346df6374f2.dll
- Size: 207KB
- MD5: 26e2f4ee9fc7614c86f7e9daca77d7a2
- SHA1: 436723cddcb0729a177f936780873f8e8d34df77
- SHA256: 7ef6871c88e5621779755d36face911e514f2ccd300cd95ddd7b2346df6374f2
- SHA512: 5de7967c2d26d4bdd71d2499b406d6d8b5a276d46c826f97d855f74d6d72a33b48fe9a060b6f53d182367d63258fb056e8626aa5f25db04030e3731237685c39

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 1032 wrote to memory of 2020 | 1032 | rundll32.exe | rundll32.exe
PID 1032 wrote to memory of 2020 | 1032 | rundll32.exe | rundll32.exe
PID 1032 wrote to memory of 2020 | 1032 | rundll32.exe | rundll32.exe
PID 1032 wrote to memory of 2020 | 1032 | rundll32.exe | rundll32.exe
PID 1032 wrote to memory of 2020 | 1032 | rundll32.exe | rundll32.exe
PID 1032 wrote to memory of 2020 | 1032 | rundll32.exe | rundll32.exe
PID 1032 wrote to memory of 2020 | 1032 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ef6871c88e5621779755d36face911e514f2ccd300cd95ddd7b2346df6374f2.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ef6871c88e5621779755d36face911e514f2ccd300cd95ddd7b2346df6374f2.dll,#12⤵
  PID:2020
Network
MITRE ATT&CK Matrix
Downloads
- memory/2020-0-0x0000000000000000-mapping.dmp