Analysis
max time kernel: 3s
max time network: 8s
platform: windows7_x64
resource: win7v20201028
submitted: 15-11-2020 22:48
Static task: static1
Behavioral task: behavioral1
Sample: 3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll
Resource: win7v20201028
Platform: windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll
Resource: win10v20201028
Platform: windows10_x64
0 signatures
0 seconds
General
Target: 3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll
Size: 207KB
MD5: e339ab39ffb074a3bf0948aad93b0dfd
SHA1: c763dcef46812d14c3268b8e351e58419c420550
SHA256: 3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2
SHA512: d719d6579f05ada64e14a08c0e2f349d423d9730e796ed5e617abb92a4797de8f0aa1c6c233a60a7592a45508d2485b6cf57500deca94966da575d72dcf630c1
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description                        pid    process        target process
PID 1644 wrote to memory of 1400   1644   rundll32.exe   rundll32.exe
PID 1644 wrote to memory of 1400   1644   rundll32.exe   rundll32.exe
PID 1644 wrote to memory of 1400   1644   rundll32.exe   rundll32.exe
PID 1644 wrote to memory of 1400   1644   rundll32.exe   rundll32.exe
PID 1644 wrote to memory of 1400   1644   rundll32.exe   rundll32.exe
PID 1644 wrote to memory of 1400   1644   rundll32.exe   rundll32.exe
PID 1644 wrote to memory of 1400   1644   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1644
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll,#1
    PID: 1400
Network
MITRE ATT&CK Matrix
Downloads
memory/1400-0-0x0000000000000000-mapping.dmp