Analysis
- max time kernel: 4s
- max time network: 11s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 17-11-2020 11:31
Static task: static1
Behavioral task: behavioral1
Sample: 6ec362b9c0b523db2cac2cba365b0470.dll
Resource: win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 6ec362b9c0b523db2cac2cba365b0470.dll
- Size: 433KB
- MD5: 160663d58531b09f248b9defe0fe69b9
- SHA1: e25d1f154d3c618b9d758dd759a34c2e07e227ec
- SHA256: 042d538a97b2af71b30bcb16c3df4aa7474a63943dd124f81b956bd746fba32b
- SHA512: ad240e3111a42498589e6c3180a798442da1084729e5f6c9468f59e2a361a2355c0c8d63a322a3f59a563488a0c6d03d736a254d47f9f42d58c9df9384d77f5d
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1128 wrote to memory of 1984 | 1128 | rundll32.exe | rundll32.exe
PID 1128 wrote to memory of 1984 | 1128 | rundll32.exe | rundll32.exe
PID 1128 wrote to memory of 1984 | 1128 | rundll32.exe | rundll32.exe
PID 1128 wrote to memory of 1984 | 1128 | rundll32.exe | rundll32.exe
PID 1128 wrote to memory of 1984 | 1128 | rundll32.exe | rundll32.exe
PID 1128 wrote to memory of 1984 | 1128 | rundll32.exe | rundll32.exe
PID 1128 wrote to memory of 1984 | 1128 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ec362b9c0b523db2cac2cba365b0470.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ec362b9c0b523db2cac2cba365b0470.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1984-0-0x0000000000000000-mapping.dmp