Analysis
- max time kernel: 3s
- max time network: 10s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 15-11-2020 22:38
Static task
static1
Behavioral task
behavioral1
Sample
b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b.dll
Resource
win10v20201028
0 signatures
0 seconds
General
- Target: b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b.dll
- Size: 207KB
- MD5: 30fed1cf2c80b85042f22f4fb1f7a7ea
- SHA1: c87270996a7e6b99531720799cc158481d6f998e
- SHA256: b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b
- SHA512: 8cd199923f1f22aae719d8d7154a504fb93b54e66c8a45855236d8cec2125757ddb09752b170cd2bd5ba4c9011f150eedfc7420986a3b32c77fa33cf892c24ff
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 748 wrote to memory of 2016 | 748 | rundll32.exe | rundll32.exe
PID 748 wrote to memory of 2016 | 748 | rundll32.exe | rundll32.exe
PID 748 wrote to memory of 2016 | 748 | rundll32.exe | rundll32.exe
PID 748 wrote to memory of 2016 | 748 | rundll32.exe | rundll32.exe
PID 748 wrote to memory of 2016 | 748 | rundll32.exe | rundll32.exe
PID 748 wrote to memory of 2016 | 748 | rundll32.exe | rundll32.exe
PID 748 wrote to memory of 2016 | 748 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2016-0-0x0000000000000000-mapping.dmp