Analysis
max time kernel: 21s
max time network: 8s
platform: windows7_x64
resource: win7v20210410
submitted: 05-05-2021 14:06

Tasks
Static task: static1
Behavioral task: behavioral1

Sample: 154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778.dll
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General
Target: 154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778.dll
Size: 1.4MB
MD5: 70fea7d5e2aee066022e34afd14fe251
SHA1: f129ba34313f97f973d1ed7df6df69e383428d5c
SHA256: 154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778
SHA512: 84b0994895ed695838a800e6b991cdd0357cb7ba159f47daa8846482902cea07d50653d7ae525e9b291b457f193f59ab05ae55c9bd26367413a44591572306fc
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                     | pid  | process      | target process PID | target process
PID 1996 wrote to memory of 1972 | 1996 | rundll32.exe | 1972               | rundll32.exe
PID 1996 wrote to memory of 1972 | 1996 | rundll32.exe | 1972               | rundll32.exe
PID 1996 wrote to memory of 1972 | 1996 | rundll32.exe | 1972               | rundll32.exe
PID 1996 wrote to memory of 1972 | 1996 | rundll32.exe | 1972               | rundll32.exe
PID 1996 wrote to memory of 1972 | 1996 | rundll32.exe | 1972               | rundll32.exe
PID 1996 wrote to memory of 1972 | 1996 | rundll32.exe | 1972               | rundll32.exe
PID 1996 wrote to memory of 1972 | 1996 | rundll32.exe | 1972               | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778.dll,#1
   signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\154bb70ce4102c04094ec6076d61fcdbb53bdb01e8e401fbeeab42e667cc7778.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
memory/1972-59-0x0000000000000000-mapping.dmp
memory/1972-60-0x0000000075D41000-0x0000000075D43000-memory.dmp (Filesize: 8KB)
memory/1972-61-0x0000000000980000-0x0000000000AEC000-memory.dmp (Filesize: 1.4MB)
memory/1972-62-0x0000000000160000-0x0000000000161000-memory.dmp (Filesize: 4KB)
memory/1972-63-0x0000000000300000-0x000000000032D000-memory.dmp (Filesize: 180KB)