Analysis
- max time kernel: 85s
- max time network: 134s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 18-05-2021 08:04
Static task: static1
Behavioral task: behavioral1
Sample: c8396b86827923d6817a127251efedec61fca36b8408d7c383388e945822f19b.dll
Resource: win7v20210408, windows7_x64
0 signatures, 0 seconds
General
- Target: c8396b86827923d6817a127251efedec61fca36b8408d7c383388e945822f19b.dll
- Size: 452KB
- MD5: d5c834782f6fbdeb12c2d8d692084c3d
- SHA1: 8c280323774c7d5bf93ecdcf7809bd843cc96e41
- SHA256: c8396b86827923d6817a127251efedec61fca36b8408d7c383388e945822f19b
- SHA512: 8de7900756839cde844af8ba87159d51156fc06ed3a2f3c18187209c8b2b984c1e1b332bfe461411b7ba87a7446990ee0869c773f50cfe36dc1471ce3e0bda19
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 1496 wrote to memory of 2336 | 1496 | rundll32.exe | rundll32.exe |
  | PID 1496 wrote to memory of 2336 | 1496 | rundll32.exe | rundll32.exe |
  | PID 1496 wrote to memory of 2336 | 1496 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8396b86827923d6817a127251efedec61fca36b8408d7c383388e945822f19b.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8396b86827923d6817a127251efedec61fca36b8408d7c383388e945822f19b.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/2336-114-0x0000000000000000-mapping.dmp