Analysis
max time kernel: 150s
max time network: 151s
platform: windows7_x64
resource: win7v20201028
submitted: 12-01-2021 08:33
Behavioral task: behavioral1
Sample: 3db2fc3e2bdc0b93e8ca79474c5e74f6792fb3acb0df37b0fbb442dc55f30d47.dll
Resource: win7v20201028, windows7_x64
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: 3db2fc3e2bdc0b93e8ca79474c5e74f6792fb3acb0df37b0fbb442dc55f30d47.dll
Resource: win10v20201028, windows10_x64
0 signatures, 0 seconds
General
Target: 3db2fc3e2bdc0b93e8ca79474c5e74f6792fb3acb0df37b0fbb442dc55f30d47.dll
Size: 2.2MB
MD5: 10bbebdc31e0b60567bc7dc095340f47
SHA1: 17c8bb8c76fc813f1af7b1b892fe4bdc946902c5
SHA256: 3db2fc3e2bdc0b93e8ca79474c5e74f6792fb3acb0df37b0fbb442dc55f30d47
SHA512: f57c2ea08b365b655ac4b9e1a13ab39fedb85af7751a3fa05b441fd53fd5e5c67252784e985895e55a78c191d5577e6baf97a7f98fddcb342c1d54818a370c6a
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 1424 wrote to memory of 1768 | 1424 | rundll32.exe | rundll32.exe
PID 1424 wrote to memory of 1768 | 1424 | rundll32.exe | rundll32.exe
PID 1424 wrote to memory of 1768 | 1424 | rundll32.exe | rundll32.exe
PID 1424 wrote to memory of 1768 | 1424 | rundll32.exe | rundll32.exe
PID 1424 wrote to memory of 1768 | 1424 | rundll32.exe | rundll32.exe
PID 1424 wrote to memory of 1768 | 1424 | rundll32.exe | rundll32.exe
PID 1424 wrote to memory of 1768 | 1424 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\3db2fc3e2bdc0b93e8ca79474c5e74f6792fb3acb0df37b0fbb442dc55f30d47.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\3db2fc3e2bdc0b93e8ca79474c5e74f6792fb3acb0df37b0fbb442dc55f30d47.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
memory/1768-2-0x0000000000000000-mapping.dmp