Analysis
- max time kernel: 12s
- max time network: 111s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 23-03-2021 18:04
Behavioral task: behavioral1
- Sample: 965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3.dll
- Resource: win7v20201028, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3.dll
- Resource: win10v20201028, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: 965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3.dll
- Size: 150KB
- MD5: b2dc3a104d18f1a899d67fcd69fc0c5b
- SHA1: b5306f3e9d4a86d518cd4433a1eae65151775384
- SHA256: 965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3
- SHA512: d6d2f900a6095a895894bc50074bc2dde40aafd304f1e3078958d721b373f525201e979162ce64e81dce256779162c1a853dfc6909af47b4304da5daa1cc042b
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 4012 wrote to memory of 4088 | 4012 | rundll32.exe | rundll32.exe
  PID 4012 wrote to memory of 4088 | 4012 | rundll32.exe | rundll32.exe
  PID 4012 wrote to memory of 4088 | 4012 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:4012
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3.dll,#12⤵
    PID:4088
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4088-2-0x0000000000000000-mapping.dmp