Analysis
- max time kernel: 120s
- max time network: 124s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 18-05-2021 10:45
Static task
static1
Behavioral task
behavioral1
Sample
bee4ca20ff6202b6107d6b2dab6d2607193933a61d999b9dc4d0d3f1f30973c1.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
- Target: bee4ca20ff6202b6107d6b2dab6d2607193933a61d999b9dc4d0d3f1f30973c1.dll
- Size: 939KB
- MD5: 1d83eab43b101ad4b0af24f3103ad42b
- SHA1: e770fc5ae2fe4184616c32e0fa6c782a6155e9ef
- SHA256: bee4ca20ff6202b6107d6b2dab6d2607193933a61d999b9dc4d0d3f1f30973c1
- SHA512: 41e0b749c199d4279c421b0472d272a4050671a8439bd1e6ecbe530199c4ea131cb8fa92982ae8f21957a46a557e304bb76d1227fc46b8572208ae73a9464c2f
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process         target process
PID 512 wrote to memory of 4020    512    rundll32.exe    rundll32.exe
PID 512 wrote to memory of 4020    512    rundll32.exe    rundll32.exe
PID 512 wrote to memory of 4020    512    rundll32.exe    rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bee4ca20ff6202b6107d6b2dab6d2607193933a61d999b9dc4d0d3f1f30973c1.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bee4ca20ff6202b6107d6b2dab6d2607193933a61d999b9dc4d0d3f1f30973c1.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/4020-114-0x0000000000000000-mapping.dmp