Analysis
-
max time kernel
77s -
max time network
139s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
15-11-2020 22:50
Static task
static1
Behavioral task
behavioral1
Sample
bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243.dll
-
Size
143KB
-
MD5
182b0a54d9e36db914beb8aa2cbe1d3b
-
SHA1
cba997f9290dd8f8d0a6d0e5c538834fbf195e8b
-
SHA256
bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243
-
SHA512
009409f3e683e95fc07031ef0d951a501db02579a211630c225af65ca86864a1f11affaa97f41a3b299d671e18dc46baae13cf4c39cd3831e484ceabceb89495
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
Processes:
rundll32.exeflow pid process 19 3456 rundll32.exe 21 3456 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 3944 wrote to memory of 3456 3944 rundll32.exe rundll32.exe PID 3944 wrote to memory of 3456 3944 rundll32.exe rundll32.exe PID 3944 wrote to memory of 3456 3944 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bdbc3850d100b517146a20b896e65eb2a411046a0520b20df39b518e7c451243.dll,#12⤵
- Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3456-0-0x0000000000000000-mapping.dmp