Analysis
max time kernel: 90s
max time network: 8s
platform: windows7_x64
resource: win7v20201028
submitted: 03-12-2020 11:03
Static task: static1
Behavioral task: behavioral1
Sample: c317c52e7b95e14ae974df6fe99df3e5c976b2186897f19fbef68add5dcc28ea.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
Target: c317c52e7b95e14ae974df6fe99df3e5c976b2186897f19fbef68add5dcc28ea.dll
Size: 215KB
MD5: c3df79dafe7b52af61c291acb22bd79e
SHA1: 32c33076ea6a24fdfca376338eeaf93e87ac948c
SHA256: c317c52e7b95e14ae974df6fe99df3e5c976b2186897f19fbef68add5dcc28ea
SHA512: f2b7df8a6dd54d011db496d4116423d02bae4958ed2d9742469115a9f64100be6b404d209a50f2ca35152a5f3a19c010cfbe5bd65ef63a76ef8cb1e961f88a72
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2028 wrote to memory of 316 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 316 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 316 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 316 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 316 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 316 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 316 | 2028 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c317c52e7b95e14ae974df6fe99df3e5c976b2186897f19fbef68add5dcc28ea.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c317c52e7b95e14ae974df6fe99df3e5c976b2186897f19fbef68add5dcc28ea.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/316-2-0x0000000000000000-mapping.dmp