Analysis
max time kernel: 19s
max time network: 22s
platform: windows7_x64
resource: win7v20201028
submitted: 08-04-2021 07:23
Static task: static1
Behavioral task: behavioral1
- Sample: stfu.dll
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: stfu.dll
- Resource: win10v20201028
- Errors
  - Reason: Machine shutdown
General
- Target: stfu.dll
- Size: 6MB
- MD5: bec24bf7ee8a0d5c3aa2cd660f2d83f4
- SHA1: d20a60b765c112be47ddbe770bc3f1b975099055
- SHA256: bea73fc78ecf3960308614239238ac473328b36f9096b5d3411686431d551345
- SHA512: 01ee1aee2e7b808939749c73f0955e85150e8e068f8c826edbce2517d8e1069a48fbec3b0d4be4ac90369da90514f651a82c343506c17f734db131489dd93738
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 804 wrote to memory of 1492 | 804 | rundll32.exe | rundll32.exe
  PID 804 wrote to memory of 1492 | 804 | rundll32.exe | rundll32.exe
  PID 804 wrote to memory of 1492 | 804 | rundll32.exe | rundll32.exe
  PID 804 wrote to memory of 1492 | 804 | rundll32.exe | rundll32.exe
  PID 804 wrote to memory of 1492 | 804 | rundll32.exe | rundll32.exe
  PID 804 wrote to memory of 1492 | 804 | rundll32.exe | rundll32.exe
  PID 804 wrote to memory of 1492 | 804 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\stfu.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\stfu.dll,#1
- C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x0
- C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x1
Network
MITRE ATT&CK Matrix
Downloads
- memory/856-7-0x00000000026E0000-0x00000000026E1000-memory.dmp (Filesize: 4KB)
- memory/1444-4-0x000007FEFC321000-0x000007FEFC323000-memory.dmp (Filesize: 8KB)
- memory/1444-5-0x00000000027B0000-0x00000000027B1000-memory.dmp (Filesize: 4KB)
- memory/1492-2-0x0000000000000000-mapping.dmp
- memory/1492-3-0x0000000076C21000-0x0000000076C23000-memory.dmp (Filesize: 8KB)