Analysis
- max time kernel: 4s
- max time network: 9s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 15-11-2020 22:49
Static task
static1
Behavioral task
behavioral1
Sample
5a000707cbde902af60095f470fffe45f05a6b72877eaa88b52ab790b677a197.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
5a000707cbde902af60095f470fffe45f05a6b72877eaa88b52ab790b677a197.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: 5a000707cbde902af60095f470fffe45f05a6b72877eaa88b52ab790b677a197.dll
- Size: 207KB
- MD5: 60777c3c48cd4af011157bffca17f3dd
- SHA1: de42ffa2330d3fe8d881b2504f93e6ea98ca0160
- SHA256: 5a000707cbde902af60095f470fffe45f05a6b72877eaa88b52ab790b677a197
- SHA512: 9d273470d4c078fa695bbb863375285b4dab8202f6cf0bae05be2144d929704bb3669eae751c984b555177d1e5d5bf3f728df036ec97eb0fa19108d7ef9f7a9c
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1668 wrote to memory of 1956 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1956 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1956 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1956 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1956 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1956 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1956 | 1668 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a000707cbde902af60095f470fffe45f05a6b72877eaa88b52ab790b677a197.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a000707cbde902af60095f470fffe45f05a6b72877eaa88b52ab790b677a197.dll,#12⤵
  PID:1956
Network
MITRE ATT&CK Matrix
Downloads
- memory/1956-0-0x0000000000000000-mapping.dmp