Analysis
- max time kernel: 85s
- max time network: 84s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 12-11-2020 13:52
Static task
static1
Behavioral task
behavioral1
- Sample: 6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882.dll
- Resource: win7v20201028, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task
behavioral2
- Sample: 6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882.dll
- Resource: win10v20201028, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: 6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882.dll
- Size: 207KB
- MD5: 21c599af3f3061449ead4aa68fcc3a00
- SHA1: 87c65413e7dc98aabe171528b0c3d1708531e9d1
- SHA256: 6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882
- SHA512: a8c375e9d626e785e79d3190398477f3a7502523521b4feabb586c5df64de1a28e51b8586bf068e35154c77a0c95a71bff3bc74cea53d420e5582eb9891e931b
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2028 wrote to memory of 1232 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1232 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1232 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1232 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1232 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1232 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1232 | 2028 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882.dll,#12
  PID: 1232
Network
MITRE ATT&CK Matrix
Downloads
- memory/1232-0-0x0000000000000000-mapping.dmp