Analysis
- max time kernel: 4s
- max time network: 9s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 15-11-2020 23:13
Static task
static1
Behavioral task
behavioral1
Sample
7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda.dll
Resource
win10v20201028
0 signatures
0 seconds
General
- Target: 7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda.dll
- Size: 207KB
- MD5: a49d6cf202a019d154efa02078e2fd4a
- SHA1: 4a716f09ab18a56ae895f9c2f5b74966db641bf5
- SHA256: 7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda
- SHA512: 96ec590178408731a391c1719079d17c58ccabf266df0a2627f6e96b06d3bff0d20b1e892e5cc68721a25d238553c764951be06949850cd755dbdac9edc9c328
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 364 wrote to memory of 1664 | 364 | rundll32.exe | rundll32.exe
PID 364 wrote to memory of 1664 | 364 | rundll32.exe | rundll32.exe
PID 364 wrote to memory of 1664 | 364 | rundll32.exe | rundll32.exe
PID 364 wrote to memory of 1664 | 364 | rundll32.exe | rundll32.exe
PID 364 wrote to memory of 1664 | 364 | rundll32.exe | rundll32.exe
PID 364 wrote to memory of 1664 | 364 | rundll32.exe | rundll32.exe
PID 364 wrote to memory of 1664 | 364 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda.dll,#11
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1664-0-0x0000000000000000-mapping.dmp