Analysis
  max time kernel:  4s
  max time network: 15s
  platform:         windows7_x64
  resource:         win7v20201028
  submitted:        15-11-2020 23:14
Static task: static1

Behavioral task: behavioral1
  Sample:   bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180.dll
  Resource: win7v20201028
  Platform: windows7_x64
  0 signatures
  0 seconds

Behavioral task: behavioral2
  Sample:   bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180.dll
  Resource: win10v20201028
  Platform: windows10_x64
  0 signatures
  0 seconds
General
  Target: bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180.dll
  Size:   207KB
  MD5:    380f4918c8286681e66d2ab5ab9b8f6a
  SHA1:   4b89521e8baccbdbd0632f7725ac4dc80efa2b22
  SHA256: bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180
  SHA512: d1529885260dd56c46c4fc21987d3f682cec978440678c1a59335fd49915261b501aa2a068da0fe60f88f31432d3cb01a37330d70d1b13f2b95be883c5b2798e
  Score:  1/10
Malware Config
Signatures
  Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
    description                       pid  process       target process
    PID 288 wrote to memory of 1872   288  rundll32.exe  rundll32.exe
    PID 288 wrote to memory of 1872   288  rundll32.exe  rundll32.exe
    PID 288 wrote to memory of 1872   288  rundll32.exe  rundll32.exe
    PID 288 wrote to memory of 1872   288  rundll32.exe  rundll32.exe
    PID 288 wrote to memory of 1872   288  rundll32.exe  rundll32.exe
    PID 288 wrote to memory of 1872   288  rundll32.exe  rundll32.exe
    PID 288 wrote to memory of 1872   288  rundll32.exe  rundll32.exe
Processes
  1. C:\Windows\system32\rundll32.exe
     Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180.dll,#1
     PID: 288
     Signatures: Suspicious use of WriteProcessMemory
     2. C:\Windows\SysWOW64\rundll32.exe (child of PID 288)
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180.dll,#1
        PID: 1872
Network
MITRE ATT&CK Matrix
Downloads
  memory/1872-0-0x0000000000000000-mapping.dmp