Analysis
- max time kernel: 150s
- max time network: 92s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 13-01-2021 19:45
Static task
static1
Behavioral task
behavioral1
Sample
cd56a95ff1aaaf765e36723f20601f45.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
cd56a95ff1aaaf765e36723f20601f45.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: cd56a95ff1aaaf765e36723f20601f45.dll
- Size: 7KB
- MD5: cd56a95ff1aaaf765e36723f20601f45
- SHA1: 46552fba600c2bdbf91e75eddefc45f9f57b741a
- SHA256: 19bc003eab42141cbc9a0e9103345594c057c587225b3ae6a62cc9ce1629d534
- SHA512: bdf9d938ab111bfdb9feea410af581402ad971e9e50723ba2c42f64a7e2426368fe4dd3d1bafe6cdd79260282d6df2d1c34164720b74f0d70e38f52ddcdf3e81
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1096 wrote to memory of 2016 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 2016 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 2016 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 2016 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 2016 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 2016 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 2016 | 1096 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd56a95ff1aaaf765e36723f20601f45.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd56a95ff1aaaf765e36723f20601f45.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2016-2-0x0000000000000000-mapping.dmp