Analysis
max time kernel: 3s
max time network: 11s
platform: windows7_x64
resource: win7v20201028
submitted: 20-12-2020 07:57
Static task
static1
Behavioral task
behavioral1
Sample
29fe282b2e6b0481e2c9d6c28a8923b0.exe.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
29fe282b2e6b0481e2c9d6c28a8923b0.exe.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
Target: 29fe282b2e6b0481e2c9d6c28a8923b0.exe.dll
Size: 207KB
MD5: 29fe282b2e6b0481e2c9d6c28a8923b0
SHA1: 7593a3b43784072870dad4d465b27cbda856a80a
SHA256: 8dce71c908ff32080bc0824f242c3747c178e93de83205244d9ad9586c4e9ad4
SHA512: 21ffed1354f6501885ef079cb1dcd75fdfce25a9e4d04c0bb5e2e77ca2a59d25363a6fadc6487faef840695b67444c696a91785e140e065692452f53755e94d1
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1756 wrote to memory of 1096 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1096 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1096 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1096 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1096 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1096 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1096 | 1756 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29fe282b2e6b0481e2c9d6c28a8923b0.exe.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\29fe282b2e6b0481e2c9d6c28a8923b0.exe.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/1096-2-0x0000000000000000-mapping.dmp