Analysis
- max time kernel: 40s
- max time network: 52s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 18-05-2021 10:05
Static task: static1
Behavioral task: behavioral1
Sample: f77b32aa1887057c2259aada167fa2c110e36833d7a1bb9e44c395febd23d5c9.dll
Resource: win7v20210410
windows7_x64
0 signatures
0 seconds
General
- Target: f77b32aa1887057c2259aada167fa2c110e36833d7a1bb9e44c395febd23d5c9.dll
- Size: 1016KB
- MD5: a73a5cbe89dabbb429a86d01e1a5b8ef
- SHA1: 15cf376cc3a4ccfaea9cde87d59ac6bd1c2e0db6
- SHA256: f77b32aa1887057c2259aada167fa2c110e36833d7a1bb9e44c395febd23d5c9
- SHA512: 5a8d5ebc4d59517f0e127d94208012ca58627f13576f5bf7f582df6eba4b560f08fb39da32a2ddcc3beff3493081ab9546e80db7d439fb4b1a0325b2fe1f6a63
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 852 wrote to memory of 1472 | 852 | rundll32.exe | rundll32.exe
PID 852 wrote to memory of 1472 | 852 | rundll32.exe | rundll32.exe
PID 852 wrote to memory of 1472 | 852 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f77b32aa1887057c2259aada167fa2c110e36833d7a1bb9e44c395febd23d5c9.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f77b32aa1887057c2259aada167fa2c110e36833d7a1bb9e44c395febd23d5c9.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1472-114-0x0000000000000000-mapping.dmp