Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 18-05-2021 11:10
Static task
static1
Behavioral task
behavioral1
Sample
c822a4ce6bbad6d9e3f25777f8b4a46bc263da91771f27d5c8310269676440ef.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
- Target: c822a4ce6bbad6d9e3f25777f8b4a46bc263da91771f27d5c8310269676440ef.dll
- Size: 454KB
- MD5: 50259c1b67b3ffd1486e4b6c0163efcd
- SHA1: 46695ecedd48e987e563e18e865d9501bddeaf95
- SHA256: c822a4ce6bbad6d9e3f25777f8b4a46bc263da91771f27d5c8310269676440ef
- SHA512: 7933955a8acdd33f4df42aa28d7acb858ecac84d9d8629a07be67cc3174cb0aa053956dde985c1460cfebf5f6ec168618be0e4aa5507ada5ee2cf1913188ded7
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 512 wrote to memory of 4040 | 512 | rundll32.exe | rundll32.exe
  PID 512 wrote to memory of 4040 | 512 | rundll32.exe | rundll32.exe
  PID 512 wrote to memory of 4040 | 512 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c822a4ce6bbad6d9e3f25777f8b4a46bc263da91771f27d5c8310269676440ef.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c822a4ce6bbad6d9e3f25777f8b4a46bc263da91771f27d5c8310269676440ef.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/4040-114-0x0000000000000000-mapping.dmp