Analysis
- max time kernel: 114s
- max time network: 134s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 15-11-2020 22:48
Static task
static1
Behavioral task
behavioral1
Sample
3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll
Resource
win10v20201028
0 signatures
0 seconds
General
- Target: 3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll
- Size: 207KB
- MD5: e339ab39ffb074a3bf0948aad93b0dfd
- SHA1: c763dcef46812d14c3268b8e351e58419c420550
- SHA256: 3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2
- SHA512: d719d6579f05ada64e14a08c0e2f349d423d9730e796ed5e617abb92a4797de8f0aa1c6c233a60a7592a45508d2485b6cf57500deca94966da575d72dcf630c1
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
rundll32.exe
description                      pid   process       target process
PID 3304 wrote to memory of 636  3304  rundll32.exe  rundll32.exe
PID 3304 wrote to memory of 636  3304  rundll32.exe  rundll32.exe
PID 3304 wrote to memory of 636  3304  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll,#11
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b458b2067e79527841e487b253098085ebf85b3c3e63f3688b00b028bf723c2.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/636-0-0x0000000000000000-mapping.dmp