Analysis
max time kernel
5s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
10-01-2021 12:48
Static task
static1
Behavioral task
behavioral1
Sample
a913b5eac3f14924a3812bdcc5e9a214.exe.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
a913b5eac3f14924a3812bdcc5e9a214.exe.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
Target
a913b5eac3f14924a3812bdcc5e9a214.exe.dll
Size
207KB
MD5
a913b5eac3f14924a3812bdcc5e9a214
SHA1
9ac17396a51efc9ebe4e20393aaebee84c8e1dcf
SHA256
dc048eaa07e4f82970f23e3c2ad3fbd74df46c896935cf4e6f8d321538e4be3f
SHA512
1b1626d2a27c370c68075b58906ba635d3d304176dfb2c3bca7bf5a9761cdf444cb2d6112610aca638c22a3d24d45196dde445bc50bb5b043d91136816bca549
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description                        pid    process        target process
PID 1812 wrote to memory of 1128   1812   rundll32.exe   rundll32.exe
PID 1812 wrote to memory of 1128   1812   rundll32.exe   rundll32.exe
PID 1812 wrote to memory of 1128   1812   rundll32.exe   rundll32.exe
PID 1812 wrote to memory of 1128   1812   rundll32.exe   rundll32.exe
PID 1812 wrote to memory of 1128   1812   rundll32.exe   rundll32.exe
PID 1812 wrote to memory of 1128   1812   rundll32.exe   rundll32.exe
PID 1812 wrote to memory of 1128   1812   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a913b5eac3f14924a3812bdcc5e9a214.exe.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a913b5eac3f14924a3812bdcc5e9a214.exe.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
memory/1128-2-0x0000000000000000-mapping.dmp