Analysis
max time kernel: 130s
max time network: 135s
platform: windows10_x64
resource: win10v20210410
submitted: 18-05-2021 13:06
Static task
static1
Behavioral task
behavioral1
Sample
c1c986e488efe789e6a6e74f254cacd42b8e6244c81d11569fa7e71a1d44ab6c.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
Target: c1c986e488efe789e6a6e74f254cacd42b8e6244c81d11569fa7e71a1d44ab6c.dll
Size: 1006KB
MD5: 6a3b8acbe7cea8377da421b9dbbcf31a
SHA1: 93b80e8c351209a8b82ed81785228dddd998964f
SHA256: c1c986e488efe789e6a6e74f254cacd42b8e6244c81d11569fa7e71a1d44ab6c
SHA512: 89c1a86be7b23198db405608301c9161c181278b11ea1318b96869c2b850c8921692a84d249208e34cf90e4431782dddcc76399cc23729618da7312037196534
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 3892 wrote to memory of 3160 | 3892 | rundll32.exe | rundll32.exe
PID 3892 wrote to memory of 3160 | 3892 | rundll32.exe | rundll32.exe
PID 3892 wrote to memory of 3160 | 3892 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1c986e488efe789e6a6e74f254cacd42b8e6244c81d11569fa7e71a1d44ab6c.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1c986e488efe789e6a6e74f254cacd42b8e6244c81d11569fa7e71a1d44ab6c.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
memory/3160-114-0x0000000000000000-mapping.dmp