Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 15-11-2020 22:43
Static task: static1
Behavioral task: behavioral1
- Sample: de595fdf9c9627d89c7a7385a59efb921417e4472b4131e24e4e7222a2891dc8.dll
- Resource: win7v20201028
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: de595fdf9c9627d89c7a7385a59efb921417e4472b4131e24e4e7222a2891dc8.dll
- Resource: win10v20201028
- 0 signatures
- 0 seconds
General
- Target: de595fdf9c9627d89c7a7385a59efb921417e4472b4131e24e4e7222a2891dc8.dll
- Size: 204KB
- MD5: 857d629e6732859b97fead53ff05b536
- SHA1: 3faf69075fd5499f0f293671e41783bdef6820c4
- SHA256: de595fdf9c9627d89c7a7385a59efb921417e4472b4131e24e4e7222a2891dc8
- SHA512: 940b2490d0c5514cad3d853ef60b7ae793636e1764f26dcd5077c28535ae5d1f7819949eeeca7614eeb265d0e1f20d4c58567cfe99873d74c9f1be9db1fdf807
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 240 wrote to memory of 1084 | 240 | rundll32.exe | rundll32.exe
PID 240 wrote to memory of 1084 | 240 | rundll32.exe | rundll32.exe
PID 240 wrote to memory of 1084 | 240 | rundll32.exe | rundll32.exe
PID 240 wrote to memory of 1084 | 240 | rundll32.exe | rundll32.exe
PID 240 wrote to memory of 1084 | 240 | rundll32.exe | rundll32.exe
PID 240 wrote to memory of 1084 | 240 | rundll32.exe | rundll32.exe
PID 240 wrote to memory of 1084 | 240 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\de595fdf9c9627d89c7a7385a59efb921417e4472b4131e24e4e7222a2891dc8.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\de595fdf9c9627d89c7a7385a59efb921417e4472b4131e24e4e7222a2891dc8.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1084-0-0x0000000000000000-mapping.dmp