Resubmissions
22-01-2021 10:18  210122-ca3rsnyfea  10
22-01-2021 10:16  210122-6qpcx3d83a  1
22-01-2021 09:44  210122-77epvbyd4j  10
22-01-2021 08:12  210122-xw5q2lt71e  1
Analysis
max time kernel: 60s
max time network: 62s
platform: windows10_x64
resource: win10v20201028
submitted: 22-01-2021 10:16
Static task
static1
Behavioral task
behavioral1
Sample
8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
Target: 8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45.dll
Size: 340KB
MD5: 87ab0405dd92650067542696ee0c2c98
SHA1: 204e0200e2c648edf70d90472e0b6c4b15bc58c8
SHA256: 8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45
SHA512: 2fbb98040f88eb7d3f34157372db49fb7ee933bd63a59d74b1fd91d8ec0eaf065aa8cd69851ec75c2c379e174a3eaaf9d630f847bc525ba61fc127a68454e2d2
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3884 wrote to memory of 3192 | 3884 | rundll32.exe | rundll32.exe
PID 3884 wrote to memory of 3192 | 3884 | rundll32.exe | rundll32.exe
PID 3884 wrote to memory of 3192 | 3884 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
memory/3192-2-0x0000000000000000-mapping.dmp