Analysis
-
max time kernel
13s -
max time network
135s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
20-11-2020 22:55
Static task
static1
Behavioral task
behavioral1
Sample
3ae02fc1fdb653997eeb9303305f1ec35dbb87eb603b573bd94895f35542f1a8.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
3ae02fc1fdb653997eeb9303305f1ec35dbb87eb603b573bd94895f35542f1a8.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
3ae02fc1fdb653997eeb9303305f1ec35dbb87eb603b573bd94895f35542f1a8.dll
-
Size
168KB
-
MD5
0a0aae4b62caf33b4e75c1324bbb58d1
-
SHA1
364deb73b31b77824315963f95f1ecdf0684b600
-
SHA256
3ae02fc1fdb653997eeb9303305f1ec35dbb87eb603b573bd94895f35542f1a8
-
SHA512
e1aa2ccbbab36218ad54334adfc2071709c6d6a9b71154ba6276e9eac9958a08d4a2602985030448752d21d12dd49685121d1563d019aa2abde2636238ca359b
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 508 wrote to memory of 356 | 508 | rundll32.exe | rundll32.exe
PID 508 wrote to memory of 356 | 508 | rundll32.exe | rundll32.exe
PID 508 wrote to memory of 356 | 508 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ae02fc1fdb653997eeb9303305f1ec35dbb87eb603b573bd94895f35542f1a8.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ae02fc1fdb653997eeb9303305f1ec35dbb87eb603b573bd94895f35542f1a8.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/356-0-0x0000000000000000-mapping.dmp