Analysis
-
max time kernel
44s
-
max time network
106s
-
platform
windows10_x64
-
resource
win10v20201028
-
submitted
13-11-2020 22:03
Static task
static1
Behavioral task
behavioral1
Sample
Maaywuku2.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Maaywuku2.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
Maaywuku2.dll
-
Size
123KB
-
MD5
c33bd283a36d34b8de1826585e564530
-
SHA1
540f3ba581d2f0a4004da108ff20fb7a5c0b708c
-
SHA256
a09d8c487a135b973af532247d62f46695a53f37add6c66e561f1c14650290f5
-
SHA512
12b570c44dfb89dcf9c77f0d429e58c3bce7a302ecc83e76962393169416c6956698fc9e291c49946ecb3e4ea3f52e201b0f3fe6a59d3fdfd9b06eba7f49248f
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
Processes:
rundll32.exe
flow | pid | process
21 | 1384 | rundll32.exe
23 | 1384 | rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 972 wrote to memory of 1384 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1384 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1384 | 972 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Maaywuku2.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Maaywuku2.dll,#12⤵
- Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1384-0-0x0000000000000000-mapping.dmp