Overview

overview

10

Static

static

8

08af470338...22.exe

windows7_x64

1

08af470338...22.exe

windows10_x64

1

1a86f37c48...38.exe

windows7_x64

1

1a86f37c48...38.exe

windows10_x64

1

1b729638fb...87.exe

windows7_x64

1

1b729638fb...87.exe

windows10_x64

10

1dda56e38d...28.exe

windows7_x64

8

1dda56e38d...28.exe

windows10_x64

8

1e6d2544e8...94.exe

windows7_x64

10

1e6d2544e8...94.exe

windows10_x64

10

2b08e7b15a...9.xlsx

windows7_x64

1

2b08e7b15a...9.xlsx

windows10_x64

1

3fda6fd600...6e.dll

windows7_x64

1

3fda6fd600...6e.dll

windows10_x64

1

4b69264d21...91.exe

windows7_x64

10

4b69264d21...91.exe

windows10_x64

10

4b7659b234...63.exe

windows7_x64

1

4b7659b234...63.exe

windows10_x64

1

4bb4e4e1b4...91.xls

windows7_x64

10

4bb4e4e1b4...91.xls

windows10_x64

10

4c4420fc81...96.exe

windows7_x64

10

4c4420fc81...96.exe

windows10_x64

10

4e8b50459a...7d.dll

windows7_x64

10

4e8b50459a...7d.dll

windows10_x64

10

4ec8577958...f.xlsx

windows7_x64

10

4ec8577958...f.xlsx

windows10_x64

1

6abf4544f6...cd.exe

windows7_x64

1

6abf4544f6...cd.exe

windows10_x64

1

6f0f5ac2a0...8e.exe

windows7_x64

10

6f0f5ac2a0...8e.exe

windows10_x64

10

6f7620033e...ca.dll

windows7_x64

10

6f7620033e...ca.dll

windows10_x64

10

Analysis

  • max time kernel
    5s
  • max time network
    10s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    20-02-2021 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fda6fd600b4892bda1d28c1835811a139615db41c99a37747954dcccaebff6e.dll

  • Size

    180KB

  • MD5

    7831a9eebbb485ab4850460e33185cb3

  • SHA1

    433471495f168d8361971f95fff1a1e78dc1ea81

  • SHA256

    3fda6fd600b4892bda1d28c1835811a139615db41c99a37747954dcccaebff6e

  • SHA512

    a5c9d45569c09d9022ee8545e761ab1803ae994255f466e57d588fe51cf1517586f227f5b568361b3cc42bcc2f1dc04d8bae7ea2d7836ea2d00f62500add6f7c

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fda6fd600b4892bda1d28c1835811a139615db41c99a37747954dcccaebff6e.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fda6fd600b4892bda1d28c1835811a139615db41c99a37747954dcccaebff6e.dll,#1
      2⤵
        PID:1920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1920-2-0x0000000000000000-mapping.dmp

      Download

    • memory/1920-3-0x00000000750C1000-0x00000000750C3000-memory.dmp

      Filesize

      8KB

      Download