Analysis
- max time kernel: 37s
- max time network: 129s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 18-05-2021 11:38
Static task: static1
Behavioral task: behavioral1
- Sample: e9b1b871c7ee047bab8a2d03d832a1ed035b101cacd8eecece205f66fc659ac3.dll
- Resource: win7v20210410
- windows7_x64
- 0 signatures
- 0 seconds
General
- Target: e9b1b871c7ee047bab8a2d03d832a1ed035b101cacd8eecece205f66fc659ac3.dll
- Size: 948KB
- MD5: 7240a8948ec57f99eaaf0f1f8a0fdbe1
- SHA1: 1ba980e50f65d71080e23bac41fc2eb717139b20
- SHA256: e9b1b871c7ee047bab8a2d03d832a1ed035b101cacd8eecece205f66fc659ac3
- SHA512: aba527446015c6846a38ddd262e2f0183034b67dd6341c57f468551ad25bdf6c5044b940e6ac5ad6b63ae521d21e44553aa702016f77c60668f9e60c6fa6e62f
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description: PID 648 wrote to memory of 1548; pid: 648; process: rundll32.exe; target process: rundll32.exe
  description: PID 648 wrote to memory of 1548; pid: 648; process: rundll32.exe; target process: rundll32.exe
  description: PID 648 wrote to memory of 1548; pid: 648; process: rundll32.exe; target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9b1b871c7ee047bab8a2d03d832a1ed035b101cacd8eecece205f66fc659ac3.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9b1b871c7ee047bab8a2d03d832a1ed035b101cacd8eecece205f66fc659ac3.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1548-114-0x0000000000000000-mapping.dmp