Analysis
max time kernel: 39s
max time network: 56s
platform: windows10_x64
resource: win10v20210408
submitted: 18-05-2021 12:29
Static task: static1
Behavioral task: behavioral1
Sample: e25202c4ec1082d483d3a8dfa58fd0d8a8e7279c6a62bca0d8be5a559125c23e.dll
Resource: win7v20210408, windows7_x64
0 signatures
0 seconds
General
- Target: e25202c4ec1082d483d3a8dfa58fd0d8a8e7279c6a62bca0d8be5a559125c23e.dll
- Size: 452KB
- MD5: f616806ccf9e8e2d9e1af51ded103ec3
- SHA1: 22831cb705c236a29f738cb6f90a60f238d937e8
- SHA256: e25202c4ec1082d483d3a8dfa58fd0d8a8e7279c6a62bca0d8be5a559125c23e
- SHA512: fdac2e2f0d77f3d3adb29e26bdc6bf697dbb1aead301939d0ed4074e438c788e361c09efe877178b4551ff5d60827803b92b1f4de8582a6fa723a253776c35e2
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 640 wrote to memory of 1096 | 640 | rundll32.exe | rundll32.exe
  PID 640 wrote to memory of 1096 | 640 | rundll32.exe | rundll32.exe
  PID 640 wrote to memory of 1096 | 640 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e25202c4ec1082d483d3a8dfa58fd0d8a8e7279c6a62bca0d8be5a559125c23e.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e25202c4ec1082d483d3a8dfa58fd0d8a8e7279c6a62bca0d8be5a559125c23e.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1096-114-0x0000000000000000-mapping.dmp