Analysis
- max time kernel: 138s
- max time network: 143s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 18-05-2021 07:59
Static task
static1
Behavioral task
behavioral1
Sample
753ca3b7402951cc450c1469e30d37fb909ce9b28c2a537b5899e5cc9fe61f24.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
- Target: 753ca3b7402951cc450c1469e30d37fb909ce9b28c2a537b5899e5cc9fe61f24.dll
- Size: 666KB
- MD5: db47339ccdb00c5fd9e6d2b911ade3b9
- SHA1: f68eaa8c7e3f7dfa921b77d07cd2d3d470e7f058
- SHA256: 753ca3b7402951cc450c1469e30d37fb909ce9b28c2a537b5899e5cc9fe61f24
- SHA512: a8809a7383b11cebb150872933b87f896b43ed77fedce7d8419b21424553418f2c49a953fcb2f80172ad44efd12e43b141607cda2cbe5cc88c1068cefb6b7241
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3616 wrote to memory of 3024 | 3616 | rundll32.exe | rundll32.exe
  PID 3616 wrote to memory of 3024 | 3616 | rundll32.exe | rundll32.exe
  PID 3616 wrote to memory of 3024 | 3616 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\753ca3b7402951cc450c1469e30d37fb909ce9b28c2a537b5899e5cc9fe61f24.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\753ca3b7402951cc450c1469e30d37fb909ce9b28c2a537b5899e5cc9fe61f24.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/3024-114-0x0000000000000000-mapping.dmp