Analysis
max time kernel
81s
max time network
79s
platform
windows7_x64
resource
win7v20201028
submitted
15-11-2020 22:40
Static task
static1
Behavioral task
behavioral1
Sample
527ea920beb2678d7a065a45b284d89833ddf5825291b8aefd09b1c1c48f2dcb.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
527ea920beb2678d7a065a45b284d89833ddf5825291b8aefd09b1c1c48f2dcb.dll
Resource
win10v20201028
0 signatures
0 seconds
General
Target
527ea920beb2678d7a065a45b284d89833ddf5825291b8aefd09b1c1c48f2dcb.dll
Size
207KB
MD5
7bdca83f1ae5f116c9b2991da3495e30
SHA1
ab3b949e90c320db0e6b7fe1dc2704d164c05578
SHA256
527ea920beb2678d7a065a45b284d89833ddf5825291b8aefd09b1c1c48f2dcb
SHA512
785f37da8f7666a8d0c13271429129811be9679ddd5fc5987768895f0dd672de1324df197d27a47a1b3c9402debcad9bac256bc8a0ba96fe1665e7488d670b86
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1804 wrote to memory of 1940 | 1804 | rundll32.exe | rundll32.exe
PID 1804 wrote to memory of 1940 | 1804 | rundll32.exe | rundll32.exe
PID 1804 wrote to memory of 1940 | 1804 | rundll32.exe | rundll32.exe
PID 1804 wrote to memory of 1940 | 1804 | rundll32.exe | rundll32.exe
PID 1804 wrote to memory of 1940 | 1804 | rundll32.exe | rundll32.exe
PID 1804 wrote to memory of 1940 | 1804 | rundll32.exe | rundll32.exe
PID 1804 wrote to memory of 1940 | 1804 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\527ea920beb2678d7a065a45b284d89833ddf5825291b8aefd09b1c1c48f2dcb.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\527ea920beb2678d7a065a45b284d89833ddf5825291b8aefd09b1c1c48f2dcb.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
memory/1940-0-0x0000000000000000-mapping.dmp