Analysis
- max time kernel: 11s
- max time network: 111s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 15-11-2020 22:42
Static task
static1
Behavioral task
behavioral1
Sample
b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142.dll
Resource
win10v20201028
0 signatures
0 seconds
General
-
Target
b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142.dll
-
Size
207KB
-
MD5
addd9730dbf6b4da215e95ee59db531a
-
SHA1
31d56e9dcc69b24dbb96366d0f45ab156a5a793d
-
SHA256
b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142
-
SHA512
59254000870fabfc209ab6c7e166d6110fd93d16836a5a1ddf6cfe869eda64a089f3a642b77860284e8176d9b7ae230bf879bd12adcdfee0b6c8a45922acccb4
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 4696 wrote to memory of 4716 | 4696 | rundll32.exe | rundll32.exe
PID 4696 wrote to memory of 4716 | 4696 | rundll32.exe | rundll32.exe
PID 4696 wrote to memory of 4716 | 4696 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4716-0-0x0000000000000000-mapping.dmp