Analysis
max time kernel: 13s
max time network: 110s
platform: windows10_x64
resource: win10v20210410
submitted: 18-05-2021 13:11
Static task: static1
Behavioral task: behavioral1
Sample: 3e03f863a3e50377028438fc791a1918dfeed6fa904cba817131355d87b0f258.dll
Resource: win7v20210408
windows7_x64
0 signatures
0 seconds
General
Target: 3e03f863a3e50377028438fc791a1918dfeed6fa904cba817131355d87b0f258.dll
Size: 436KB
MD5: 3b33ad6fbc372432ac241106c967501a
SHA1: e6d14daf269e1c979e5dfe59eb74bd6b9e46d17c
SHA256: 3e03f863a3e50377028438fc791a1918dfeed6fa904cba817131355d87b0f258
SHA512: f7c601909555ab88899c6c847bf9887316aec852e4088d92a114e3005f0f7fd73e72cb2ee316dc1fdbd46e810bf70f95fb273344761b3a5eb4cb02294a836061
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 2208 wrote to memory of 496    2208   rundll32.exe   rundll32.exe
PID 2208 wrote to memory of 496    2208   rundll32.exe   rundll32.exe
PID 2208 wrote to memory of 496    2208   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e03f863a3e50377028438fc791a1918dfeed6fa904cba817131355d87b0f258.dll,#11
  - Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e03f863a3e50377028438fc791a1918dfeed6fa904cba817131355d87b0f258.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
memory/496-114-0x0000000000000000-mapping.dmp