Analysis
-
max time kernel
14s -
max time network
68s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
12-03-2021 05:32
Static task
static1
Behavioral task
behavioral1
Sample
sgm.bin.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
sgm.bin.dll
-
Size
40KB
-
MD5
8a9a8739404210e7e454dc2466872f23
-
SHA1
a3dbb6cb1eed87147f734c933e087bd66954ca18
-
SHA256
8229a6d0339c001fd0ce51db1b10748d37c838baee130afea2488f2ad0e05ac4
-
SHA512
2479c99ffc4002c909a1e6acf66ed2b6dc32efeea0b6182eb2ca8bb5cbe65bd85e507a0bab5f1e38232918cf59f29b592dc1f83b4d9684106ebf5707e057726e
Malware Config
Signatures
-
Nloader Payload 4 IoCs
resource yara_rule behavioral2/memory/1048-3-0x0000000000650000-0x0000000000659000-memory.dmp nloader behavioral2/memory/1048-4-0x0000000010000000-0x0000000010007000-memory.dmp nloader behavioral2/memory/1048-5-0x0000000000C20000-0x0000000000C25000-memory.dmp nloader behavioral2/memory/1048-6-0x0000000000640000-0x0000000000647000-memory.dmp nloader -
Blocklisted process makes network request 1 IoCs
flow pid Process 5 1048 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 832 wrote to memory of 1048 832 rundll32.exe 69 PID 832 wrote to memory of 1048 832 rundll32.exe 69 PID 832 wrote to memory of 1048 832 rundll32.exe 69
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\sgm.bin.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:832 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\sgm.bin.dll,#12⤵
- Blocklisted process makes network request
PID:1048
-