Analysis
- max time kernel: 11s
- max time network: 111s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 15-11-2020 22:40
Static task
static1
Behavioral task
behavioral1
Sample
574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: 574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll
- Size: 207KB
- MD5: a3b0e82c8ffcaf9f706da8e804c080fa
- SHA1: 00902d7238d8223f8aa927d50ef24cad92b38bf2
- SHA256: 574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5
- SHA512: e8b6def9254328e896667865daf57ec593f9a4d0f85ca9327bbfca8aa4c92140e1697557b369174f579a95a2ba26c1833885a1a1fac642976843de3e5acd468c
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 980 wrote to memory of 1060 | 980 | rundll32.exe | rundll32.exe
  PID 980 wrote to memory of 1060 | 980 | rundll32.exe | rundll32.exe
  PID 980 wrote to memory of 1060 | 980 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1060-0-0x0000000000000000-mapping.dmp