Analysis
- max time kernel: 142s
- max time network: 143s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 18-05-2021 07:57
Static task
static1
Behavioral task
behavioral1
Sample
a2b3de3937c076678272908110ab5b994396cc3ece724b90c8a4e7948193be9c.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
- Target: a2b3de3937c076678272908110ab5b994396cc3ece724b90c8a4e7948193be9c.dll
- Size: 911KB
- MD5: 9242365a36c26263c21ec70aa0916fda
- SHA1: 01abe39c9955ffe4b0c197c97a21b5296c4fc125
- SHA256: a2b3de3937c076678272908110ab5b994396cc3ece724b90c8a4e7948193be9c
- SHA512: d1ddaa11679f0d876837adab4d38a1af4f5e5d5f17a8edd08cb4a990b810da0715d078ae78a7f952ec2f3043ea123af1886cbb5031b7d21184d1efefee6a424d
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 512 wrote to memory of 2276 | 512 | rundll32.exe | rundll32.exe
PID 512 wrote to memory of 2276 | 512 | rundll32.exe | rundll32.exe
PID 512 wrote to memory of 2276 | 512 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2b3de3937c076678272908110ab5b994396cc3ece724b90c8a4e7948193be9c.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2b3de3937c076678272908110ab5b994396cc3ece724b90c8a4e7948193be9c.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/2276-114-0x0000000000000000-mapping.dmp