Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 15-11-2020 22:39
Static task
static1
Behavioral task
behavioral1
Sample
2abccc4287c95d66c28ee3048a6afd18a2f919d064998f65cd57050a59b473f0.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
2abccc4287c95d66c28ee3048a6afd18a2f919d064998f65cd57050a59b473f0.dll
Resource
win10v20201028
0 signatures
0 seconds
General
- Target: 2abccc4287c95d66c28ee3048a6afd18a2f919d064998f65cd57050a59b473f0.dll
- Size: 207KB
- MD5: 9b4e6583382d217cdc1e017797a469be
- SHA1: de3d60e2e4f57f4ffc9e801eb353b4ba6d534885
- SHA256: 2abccc4287c95d66c28ee3048a6afd18a2f919d064998f65cd57050a59b473f0
- SHA512: 2cc7339a5bcf8b83a3fb156f9c27c03e59a49a644bb3ed4753a4ae322eb7383c1ba45187e3a373be991c0a722f5eaab703f2a255faec216afcf1b4caf255c7ba
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4688 wrote to memory of 4836 | 4688 | rundll32.exe | rundll32.exe
PID 4688 wrote to memory of 4836 | 4688 | rundll32.exe | rundll32.exe
PID 4688 wrote to memory of 4836 | 4688 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2abccc4287c95d66c28ee3048a6afd18a2f919d064998f65cd57050a59b473f0.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2abccc4287c95d66c28ee3048a6afd18a2f919d064998f65cd57050a59b473f0.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4836-0-0x0000000000000000-mapping.dmp