Analysis
- max time kernel: 29s
- max time network: 52s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 18-05-2021 10:57
Static task
static1
Behavioral task
behavioral1
Sample
c0ec7a291999dd1806fe4422a7224aacbee0b93be4bb6636f575963e4f1a8300.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
- Target: c0ec7a291999dd1806fe4422a7224aacbee0b93be4bb6636f575963e4f1a8300.dll
- Size: 793KB
- MD5: dc109d379f5789d6029c406fd21fa37f
- SHA1: 4bfe380aeef46be8bfe11c897c33a001a5250e00
- SHA256: c0ec7a291999dd1806fe4422a7224aacbee0b93be4bb6636f575963e4f1a8300
- SHA512: 0e9e7aa3961beb370b57ea1e1f40705dc5ca090f00c72beffdb856426013d0534f740e277be0bbd1abd36a6b8b3bc9d791d1e765c02cab25180b70fc3c9c3e71
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 636 wrote to memory of 1480 | 636 | rundll32.exe | rundll32.exe
PID 636 wrote to memory of 1480 | 636 | rundll32.exe | rundll32.exe
PID 636 wrote to memory of 1480 | 636 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0ec7a291999dd1806fe4422a7224aacbee0b93be4bb6636f575963e4f1a8300.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0ec7a291999dd1806fe4422a7224aacbee0b93be4bb6636f575963e4f1a8300.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1480-114-0x0000000000000000-mapping.dmp