Analysis
  max time kernel:   65s
  max time network:  124s
  platform:          windows10_x64
  resource:          win10
  submitted:         31-07-2020 13:24
Static task
  static1

Behavioral task
  behavioral1
  Sample:    kpryt.bin.dll
  Resource:  win7v200722 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task
  behavioral2
  Sample:    kpryt.bin.dll
  Resource:  win10 (windows10_x64)
  0 signatures, 0 seconds
General
  Target:  kpryt.bin.dll
  Size:    554KB
  MD5:     5c09c68b5bb3996f903218bc0e101025
  SHA1:    d566450d11dff5ac3611c4215b28fef2a14a0d8c
  SHA256:  21989a16f64302716a565599f469f5a97fb4a1b14ff6ed1896d2650866e12d6c
  SHA512:  fd83ff5d4514629fabf2e3d88a536604b235c9f48d756816829650737687b73ec7ddc98782771720b2d9c843764f7893e7f3bf6f7f9bbdad1958cce53d9658b9
Score
10/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                        pid   process       target process
  PID 3588 wrote to memory of 3660   3588  rundll32.exe  rundll32.exe
  PID 3588 wrote to memory of 3660   3588  rundll32.exe  rundll32.exe
  PID 3588 wrote to memory of 3660   3588  rundll32.exe  rundll32.exe

Blacklisted process makes network request (4 IoCs)
  Processes: rundll32.exe
  flow  pid   process
  2     3660  rundll32.exe
  4     3660  rundll32.exe
  6     3660  rundll32.exe
  8     3660  rundll32.exe

Donot APT Downloader
A downloader used by Donot APT group to download further modules.
Processes

1. C:\Windows\system32\rundll32.exe  (PID 3588)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\kpryt.bin.dll,#1
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe  (PID 3660, child of 3588)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\kpryt.bin.dll,#1
      - Blacklisted process makes network request
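The process tree above is the behaviour a detection engineer would want to catch on an endpoint: rundll32.exe invoked with a DLL from the user's Temp directory and an export called by ordinal (#1), the 64-bit rundll32 in system32 handing off to its SysWOW64 copy (consistent with a 32-bit DLL), and the child then making network requests. The script below is an added example, not part of this sandbox report or of any vendor's detection content. The events it runs over are constructed to mirror the report (PIDs 3588 and 3660, the paths and command line are taken from the tree above); the field names follow the Sysmon Event ID 1 (process create) and Event ID 3 (network connect) conventions, while the parent of 3588, the benign control-panel launch and the destination address 203.0.113.10 are made up for the demonstration.

```python
"""Detect the rundll32 downloader chain shown in the report.

Added example: not code from the sandbox report. Sample events are
constructed; only the PIDs, image paths and command line come from the
report's process tree and signature tables.
"""
import re
from collections import defaultdict

# Constructed events in Sysmon-style field naming.
# 3588 (system32 rundll32) -> 3660 (SysWOW64 rundll32) -> network, as in the report.
EVENTS = [
    {"EventId": 1, "ProcessId": 3588, "ParentProcessId": 2468,          # parent PID assumed
     "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",                          # assumed
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\kpryt.bin.dll,#1"},
    {"EventId": 1, "ProcessId": 3660, "ParentProcessId": 3588,
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "ParentImage": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\kpryt.bin.dll,#1"},
    {"EventId": 3, "ProcessId": 3660, "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},           # constructed
    # Benign control: rundll32 launched by the shell with a named export from a system DLL.
    {"EventId": 1, "ProcessId": 4100, "ParentProcessId": 2468,
     "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
]

# rundll32[.exe] <dll>,<export>  where <export> may be a name or an ordinal (#N)
RUNDLL32_CMD = re.compile(
    r"""rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>#?\w+)""", re.I)
# DLL path under a per-user Temp directory (writable without elevation)
USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)


def parse_rundll32(cmdline):
    """Return (dll_path, export) from a rundll32 command line, or None if it does not match."""
    m = RUNDLL32_CMD.search(cmdline)
    return (m.group("dll"), m.group("export")) if m else None


def suspicious_rundll32_launch(ev):
    """Return the list of reasons a process-creation event for rundll32 looks suspicious.

    An empty list means the event is not a rundll32 launch or shows none of the
    traits seen in the report (user Temp DLL, ordinal export, rundll32 parent).
    """
    reasons = []
    if ev.get("EventId") != 1 or not ev["Image"].lower().endswith("\\rundll32.exe"):
        return reasons
    parsed = parse_rundll32(ev.get("CommandLine", ""))
    if not parsed:
        return reasons
    dll, export = parsed
    if USER_TEMP.search(dll):
        reasons.append("dll loaded from user Temp directory")
    if export.startswith("#"):
        reasons.append("export called by ordinal (%s)" % export)
    if ev.get("ParentImage", "").lower().endswith("\\rundll32.exe"):
        reasons.append("rundll32 spawned by rundll32 (64-bit host handing off to WOW64 copy)")
    return reasons


def find_downloader_chains(events):
    """Correlate suspicious rundll32 launches with network activity.

    Returns [(pid, reasons)] for each suspicious rundll32 process that itself
    connected out or whose direct child did (this attributes the WOW64 child's
    traffic back to the 64-bit parent, as happens in the report).
    """
    suspicious = {}                 # pid -> reasons, in event order
    children = defaultdict(set)     # parent pid -> child pids
    net_pids = set()
    for ev in events:
        if ev.get("EventId") == 1:
            children[ev["ParentProcessId"]].add(ev["ProcessId"])
            reasons = suspicious_rundll32_launch(ev)
            if reasons:
                suspicious[ev["ProcessId"]] = reasons
        elif ev.get("EventId") == 3:
            net_pids.add(ev["ProcessId"])
    hits = []
    for pid, reasons in suspicious.items():
        if pid in net_pids or children[pid] & net_pids:
            hits.append((pid, reasons + ["network connection observed"]))
    return hits


if __name__ == "__main__":
    for pid, reasons in find_downloader_chains(EVENTS):
        print("ALERT pid=%d: %s" % (pid, "; ".join(reasons)))
```

Run against the constructed events this flags PIDs 3588 and 3660 and ignores the benign shell32.dll launch; the parent-to-child correlation is what keeps the alert on the original 64-bit host process even when only the WOW64 child shows up in network telemetry.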
Network
MITRE ATT&CK Matrix
Downloads
  memory/3660-0-0x0000000000000000-mapping.dmp