Analysis
max time kernel: 4s
max time network: 21s
platform: windows7_x64
resource: win7v20201028
submitted: 15-11-2020 22:40
Static task: static1
Behavioral task: behavioral1
Sample: 574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll
Resource: win7v20201028
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll
Resource: win10v20201028
0 signatures
0 seconds
General
Target: 574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll
Size: 207KB
MD5: a3b0e82c8ffcaf9f706da8e804c080fa
SHA1: 00902d7238d8223f8aa927d50ef24cad92b38bf2
SHA256: 574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5
SHA512: e8b6def9254328e896667865daf57ec593f9a4d0f85ca9327bbfca8aa4c92140e1697557b369174f579a95a2ba26c1833885a1a1fac642976843de3e5acd468c
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1644 wrote to memory of 1196 | 1644 | rundll32.exe | rundll32.exe
PID 1644 wrote to memory of 1196 | 1644 | rundll32.exe | rundll32.exe
PID 1644 wrote to memory of 1196 | 1644 | rundll32.exe | rundll32.exe
PID 1644 wrote to memory of 1196 | 1644 | rundll32.exe | rundll32.exe
PID 1644 wrote to memory of 1196 | 1644 | rundll32.exe | rundll32.exe
PID 1644 wrote to memory of 1196 | 1644 | rundll32.exe | rundll32.exe
PID 1644 wrote to memory of 1196 | 1644 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1196-0-0x0000000000000000-mapping.dmp