Analysis
- max time kernel: 30s
- max time network: 33s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 15-11-2020 22:36
Static task
static1
Behavioral task
behavioral1
Sample
22ade24033280f21cafadeb7eec43e971a1dc161a2fd6d6c6b9f909c6f01d2df.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
22ade24033280f21cafadeb7eec43e971a1dc161a2fd6d6c6b9f909c6f01d2df.dll
Resource
win10v20201028
0 signatures
0 seconds
General
- Target: 22ade24033280f21cafadeb7eec43e971a1dc161a2fd6d6c6b9f909c6f01d2df.dll
- Size: 207KB
- MD5: aa790158d499ccbd52bac2fbf415aa68
- SHA1: 8d25d860312787f611a3b700c267404167cb78e7
- SHA256: 22ade24033280f21cafadeb7eec43e971a1dc161a2fd6d6c6b9f909c6f01d2df
- SHA512: 7a16c1df96a213827e8761b8917d745765a64acbf74a253e0fc12ad8a2f598c61b83963effa6f111dd4589050a8cb792c0bf37dc7f79adc5bf6da5eec0151b0e
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1704 wrote to memory of 1900 | 1704 | rundll32.exe | rundll32.exe
PID 1704 wrote to memory of 1900 | 1704 | rundll32.exe | rundll32.exe
PID 1704 wrote to memory of 1900 | 1704 | rundll32.exe | rundll32.exe
PID 1704 wrote to memory of 1900 | 1704 | rundll32.exe | rundll32.exe
PID 1704 wrote to memory of 1900 | 1704 | rundll32.exe | rundll32.exe
PID 1704 wrote to memory of 1900 | 1704 | rundll32.exe | rundll32.exe
PID 1704 wrote to memory of 1900 | 1704 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22ade24033280f21cafadeb7eec43e971a1dc161a2fd6d6c6b9f909c6f01d2df.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22ade24033280f21cafadeb7eec43e971a1dc161a2fd6d6c6b9f909c6f01d2df.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1900-0-0x0000000000000000-mapping.dmp