Analysis
max time kernel: 143s
max time network: 150s
platform: windows10_x64
resource: win10v20210410
submitted: 18-05-2021 09:41
Static task
static1
Behavioral task
behavioral1
Sample
9e57821d1fa121a27b4501cc858ad3721d939b4f3a30220efadd97d8cb212d12.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
Target: 9e57821d1fa121a27b4501cc858ad3721d939b4f3a30220efadd97d8cb212d12.dll
Size: 1008KB
MD5: 19c55abeba7ddb4c86040fc8edbe5bcb
SHA1: 423ed985869c91806cc3d7c3d3696c856b0bc92b
SHA256: 9e57821d1fa121a27b4501cc858ad3721d939b4f3a30220efadd97d8cb212d12
SHA512: 18f98a32a71f077c225efd9391a3acc871bbad644bc004fde1fe1774e4e01e722d9785dc651754fcafa8f4b0e8052e3d1b10a43a7bb54f41286c05deff799a50
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description                         pid    process        target process
PID 1696 wrote to memory of 2732    1696   rundll32.exe   rundll32.exe
PID 1696 wrote to memory of 2732    1696   rundll32.exe   rundll32.exe
PID 1696 wrote to memory of 2732    1696   rundll32.exe   rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e57821d1fa121a27b4501cc858ad3721d939b4f3a30220efadd97d8cb212d12.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e57821d1fa121a27b4501cc858ad3721d939b4f3a30220efadd97d8cb212d12.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2732-114-0x0000000000000000-mapping.dmp