Analysis
- max time kernel: 125s
- max time network: 125s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 12-11-2020 14:06
Static task
static1
Behavioral task
behavioral1
Sample
d3af282d2efc546e7c1e8056b68d73e1979bf559ad95c079f4fe66b5278ce1a1.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
d3af282d2efc546e7c1e8056b68d73e1979bf559ad95c079f4fe66b5278ce1a1.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: d3af282d2efc546e7c1e8056b68d73e1979bf559ad95c079f4fe66b5278ce1a1.dll
- Size: 207KB
- MD5: 434a87fec2caffdf4bf91f09fefe7f3d
- SHA1: 3ddd565127056933506769cf51655d448a48a83c
- SHA256: d3af282d2efc546e7c1e8056b68d73e1979bf559ad95c079f4fe66b5278ce1a1
- SHA512: 0fc26416c06356c69857971257549813c6a2eb144460f4d1589d35a069df0cfd46051f40ef5110c6fceb5e2af6413e7d14bbea29e64c78ffc2edac28fd207ac2
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 640 wrote to memory of 1060 | 640 | rundll32.exe | rundll32.exe
PID 640 wrote to memory of 1060 | 640 | rundll32.exe | rundll32.exe
PID 640 wrote to memory of 1060 | 640 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3af282d2efc546e7c1e8056b68d73e1979bf559ad95c079f4fe66b5278ce1a1.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3af282d2efc546e7c1e8056b68d73e1979bf559ad95c079f4fe66b5278ce1a1.dll,#12⤵
  PID:1060
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1060-0-0x0000000000000000-mapping.dmp