Analysis
- max time kernel: 36s
- max time network: 46s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 18-05-2021 10:25
Static task
static1
Behavioral task
behavioral1
Sample
8b0fd44215cabd8b5896f6f29da22667e39ae48b8deb16c1604eb174b7d09250.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
- Target: 8b0fd44215cabd8b5896f6f29da22667e39ae48b8deb16c1604eb174b7d09250.dll
- Size: 1.0MB
- MD5: 078b6e44185ed6c9df9f5eed7de53a85
- SHA1: 68032ad683b293ffaff73415787863399f7a2d2f
- SHA256: 8b0fd44215cabd8b5896f6f29da22667e39ae48b8deb16c1604eb174b7d09250
- SHA512: d6285636a781b88420da0f7c115c67f6c0c074a37e75519d123dedee4f1193b3721a2854b7e7f61f43b9187817b79d9ba70311523967e3e5ddf193505c11ba61
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 656 wrote to memory of 1376 | 656 | rundll32.exe | rundll32.exe
PID 656 wrote to memory of 1376 | 656 | rundll32.exe | rundll32.exe
PID 656 wrote to memory of 1376 | 656 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b0fd44215cabd8b5896f6f29da22667e39ae48b8deb16c1604eb174b7d09250.dll,#11⤵
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b0fd44215cabd8b5896f6f29da22667e39ae48b8deb16c1604eb174b7d09250.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1376-114-0x0000000000000000-mapping.dmp