Analysis
max time kernel: 120s
max time network: 121s
platform: windows10_x64
resource: win10v20210410
submitted: 13-05-2021 02:17
Static task
static1
Behavioral task
behavioral1
Sample
f2e59e506031b25131351ca7e7fac01c463fc2391e7cc292ede678681096ef29.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
Target: f2e59e506031b25131351ca7e7fac01c463fc2391e7cc292ede678681096ef29.dll
Size: 348KB
MD5: c58564905bc79cfa583cb8b6e2cd3d7b
SHA1: 10439eb07acccb00f9a10aee802fce58295f3da0
SHA256: f2e59e506031b25131351ca7e7fac01c463fc2391e7cc292ede678681096ef29
SHA512: edec27d2e10bbaa3070a063a0289c986d26a5f5b8b0d2354169eefeffd63183c64470a7a2f132d11f557846931bc717e63fdb27933b06b0a77f16a8c884bbab8
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3560 wrote to memory of 3148 | 3560 | rundll32.exe | rundll32.exe
PID 3560 wrote to memory of 3148 | 3560 | rundll32.exe | rundll32.exe
PID 3560 wrote to memory of 3148 | 3560 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2e59e506031b25131351ca7e7fac01c463fc2391e7cc292ede678681096ef29.dll,#11
  Suspicious use of WriteProcessMemory
  PID:3560
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2e59e506031b25131351ca7e7fac01c463fc2391e7cc292ede678681096ef29.dll,#12
    PID:3148
Network
MITRE ATT&CK Matrix
Downloads
memory/3148-114-0x0000000000000000-mapping.dmp