Analysis
- max time kernel: 111s
- max time network: 112s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 12-11-2020 14:42
Static task
static1
Behavioral task
behavioral1
Sample
6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: 6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808.dll
- Size: 207KB
- MD5: 2359162a4d0dbd53d55c172a54e51d5d
- SHA1: 7adf6ac180511e7aac39f7f65f60ae2103f3d75a
- SHA256: 6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808
- SHA512: b31a7439123ebef54db8ed02a4e80d7a8c35eed5b80de0e1d9f97f6d42bbf7663ecb4e21662ce85c47db4ac5521bbf3526ce395e7a36333144f92a0af4375150
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 300 wrote to memory of 1648 | 300 | rundll32.exe | rundll32.exe
PID 300 wrote to memory of 1648 | 300 | rundll32.exe | rundll32.exe
PID 300 wrote to memory of 1648 | 300 | rundll32.exe | rundll32.exe
PID 300 wrote to memory of 1648 | 300 | rundll32.exe | rundll32.exe
PID 300 wrote to memory of 1648 | 300 | rundll32.exe | rundll32.exe
PID 300 wrote to memory of 1648 | 300 | rundll32.exe | rundll32.exe
PID 300 wrote to memory of 1648 | 300 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:300
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808.dll,#1
    PID:1648
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1648-0-0x0000000000000000-mapping.dmp