Analysis
- max time kernel: 14s
- max time network: 20s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 21-04-2021 21:58
Static task
static1
Behavioral task
behavioral1
Sample
f3c96d51cad0b0737f305bc6befd26e1e229a264c208f5c87d6fe4126529a6b7.dll
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
General
- Target: f3c96d51cad0b0737f305bc6befd26e1e229a264c208f5c87d6fe4126529a6b7.dll
- Size: 162KB
- MD5: 48a8fc19b7c05823c2d0e8773c322165
- SHA1: fdbf70927d1841d78a56c048cc70870119586735
- SHA256: f3c96d51cad0b0737f305bc6befd26e1e229a264c208f5c87d6fe4126529a6b7
- SHA512: db1522a630004bba59001f9802989dce8f9b3591142c7223c5816793010cd53722897d928e399d6d80881433078924f9ab84c5c768ffd4989dc187e7a4a66c3f
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 796 wrote to memory of 1160 | 796 | rundll32.exe | rundll32.exe
PID 796 wrote to memory of 1160 | 796 | rundll32.exe | rundll32.exe
PID 796 wrote to memory of 1160 | 796 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3c96d51cad0b0737f305bc6befd26e1e229a264c208f5c87d6fe4126529a6b7.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3c96d51cad0b0737f305bc6befd26e1e229a264c208f5c87d6fe4126529a6b7.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1160-114-0x0000000000000000-mapping.dmp