Analysis
- max time kernel: 123s
- max time network: 124s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 18-05-2021 11:20
Static task: static1
Behavioral task: behavioral1
- Sample: f6e0763e3c9db26baa65ed285f8df7514f323cce672079b09adf4dd768a45d7f.dll
- Resource: win7v20210408, windows7_x64
- 0 signatures
- 0 seconds
General
- Target: f6e0763e3c9db26baa65ed285f8df7514f323cce672079b09adf4dd768a45d7f.dll
- Size: 718KB
- MD5: a66cfed7ededd6f84802f5a07e03a4df
- SHA1: acc42485ac325f129d8c6afff591d66c6dc78672
- SHA256: f6e0763e3c9db26baa65ed285f8df7514f323cce672079b09adf4dd768a45d7f
- SHA512: 1ea418d30910f092d33270c83d82387c86ad1247f15063dc36b54a5b50ac21044d820d5f4be108c166f1f1dc0fe529f87f3d74644131a485de8d456124f102df
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                      pid  process       target process
  PID 348 wrote to memory of 3192  348  rundll32.exe  rundll32.exe
  PID 348 wrote to memory of 3192  348  rundll32.exe  rundll32.exe
  PID 348 wrote to memory of 3192  348  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6e0763e3c9db26baa65ed285f8df7514f323cce672079b09adf4dd768a45d7f.dll,#11
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6e0763e3c9db26baa65ed285f8df7514f323cce672079b09adf4dd768a45d7f.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/3192-114-0x0000000000000000-mapping.dmp