Analysis
max time kernel: 148s
max time network: 150s
platform: windows10_x64
resource: win10v20210410
submitted: 18-05-2021 12:43
Static task
static1
Behavioral task
behavioral1
Sample
a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
Target: a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll
Size: 1002KB
MD5: 3dfa424e87ef1785685fd60f77403568
SHA1: 5e7907151feafab5674b68c352eb607799de3302
SHA256: a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf
SHA512: 471a83da4f42f224cc3ceb5b95bb9bdc934ecee5f2e715dae3313aaf4ad58a864082e603da0af0b6c20c749bcaa963b05fc6dc368df4b392a81ecc9f40cf4ada
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4048 wrote to memory of 3940 | 4048 | rundll32.exe | rundll32.exe
PID 4048 wrote to memory of 3940 | 4048 | rundll32.exe | rundll32.exe
PID 4048 wrote to memory of 3940 | 4048 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
memory/3940-114-0x0000000000000000-mapping.dmp