Analysis
max time kernel: 101s
max time network: 112s
platform: windows10_x64
resource: win10v20201028
submitted: 14-12-2020 14:24
Static task
static1
Behavioral task
behavioral1
Sample
420d173305f5d46ca47fc49999f9b1bf.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
420d173305f5d46ca47fc49999f9b1bf.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
420d173305f5d46ca47fc49999f9b1bf.dll
-
Size
667KB
-
MD5
420d173305f5d46ca47fc49999f9b1bf
-
SHA1
0a012f03c260c67100b757dac6422408f46cc1a3
-
SHA256
2ec1659438816ccaeedbc9f36e35b7adf24cd6153c5e0a43855a5b8103b272fc
-
SHA512
f054be14b644bc54123bafd3ede2dbd48211ef1a9d37635d82952e62cc87243ce1f20ae16f3e009140ce388f615e2b2d8ce035c51e386135998306ea68f4312a
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 648 wrote to memory of 1304 | 648 | rundll32.exe | rundll32.exe
PID 648 wrote to memory of 1304 | 648 | rundll32.exe | rundll32.exe
PID 648 wrote to memory of 1304 | 648 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\420d173305f5d46ca47fc49999f9b1bf.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\420d173305f5d46ca47fc49999f9b1bf.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1304-2-0x0000000000000000-mapping.dmp