Analysis
-
max time kernel
52s -
max time network
116s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
13-11-2020 16:20
Static task
static1
Behavioral task
behavioral1
Sample
5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325.dll
-
Size
292KB
-
MD5
7d7b6cd4acba69cdc6c09b9ab7a4b011
-
SHA1
0c637be56edf93af5951b361f55c444bc54cd158
-
SHA256
5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325
-
SHA512
22d4668f0000649f7b13e8343b79eed9fa5d34080e0ab88941d1984edb70fc391fbd9504ee89f6f064bb8b031473e7c18db565e953dc98e85ccabf27e11c374f
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
Processes:
rundll32.exeflow pid process 16 4780 rundll32.exe 18 4780 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 4760 wrote to memory of 4780 4760 rundll32.exe rundll32.exe PID 4760 wrote to memory of 4780 4760 rundll32.exe rundll32.exe PID 4760 wrote to memory of 4780 4760 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5f44852cc99bf4028874ec5ac49f02a89b9f66ed2a85c4c834b9c4705d0da325.dll,#12⤵
- Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4780-0-0x0000000000000000-mapping.dmp