Analysis
- max time kernel: 46s
- max time network: 57s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 18-05-2021 07:40
Static task: static1
Behavioral task: behavioral1
Sample: 850d5c4d25c4164cb96f20cd5713c75892c9452833fcb588fde5c0eed8423ccb.dll
Resource: win7v20210408, windows7_x64
0 signatures
0 seconds
General
- Target: 850d5c4d25c4164cb96f20cd5713c75892c9452833fcb588fde5c0eed8423ccb.dll
- Size: 686KB
- MD5: d8d9c0a0bc8e5615f6de3a99d4d78061
- SHA1: b2ef3e4e168a977c50813cb7ca6dd2dffdd18b47
- SHA256: 850d5c4d25c4164cb96f20cd5713c75892c9452833fcb588fde5c0eed8423ccb
- SHA512: fcbceaf8f122fe4a676c96dfea253b3e5521c6e7175b844564661da429a9aa917822ac76e969f2de32f5d5e70d26a97ed2232f288674477ed81a68221704a90d
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 900 wrote to memory of 1108 | 900 | rundll32.exe | rundll32.exe
  PID 900 wrote to memory of 1108 | 900 | rundll32.exe | rundll32.exe
  PID 900 wrote to memory of 1108 | 900 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\850d5c4d25c4164cb96f20cd5713c75892c9452833fcb588fde5c0eed8423ccb.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\850d5c4d25c4164cb96f20cd5713c75892c9452833fcb588fde5c0eed8423ccb.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1108-114-0x0000000000000000-mapping.dmp