Analysis
max time kernel: 90s
max time network: 110s
platform: windows10_x64
resource: win10v20201028
submitted: 12-11-2020 14:01
Static task: static1
Behavioral task: behavioral1
Sample: e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a.dll
Resource: win10v20201028, windows10_x64
0 signatures
0 seconds
General
Target: e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a.dll
Size: 207KB
MD5: 7bfda68885a682f0c73e950800e10f6d
SHA1: a84e2240161fc392c329bdd0d5fe2feb8805e3a1
SHA256: e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a
SHA512: c4d1f04cf1f422c714708278fc89da2a24054cb8f29fb99fa299c525db8547806b6ca36250d765036acd5fd596deb2745eb49eea1b1404cc49f5ae0cc2b7ddd5
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description                      pid  process       target process
PID 728 wrote to memory of 1496  728  rundll32.exe  rundll32.exe
PID 728 wrote to memory of 1496  728  rundll32.exe  rundll32.exe
PID 728 wrote to memory of 1496  728  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:728
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a.dll,#12⤵
  PID:1496
Network
MITRE ATT&CK Matrix
Downloads
memory/1496-0-0x0000000000000000-mapping.dmp