Analysis
max time kernel: 46s
max time network: 69s
platform: windows10_x64
resource: win10v20210408
submitted: 18-05-2021 12:44
Static task
static1
Behavioral task
behavioral1
Sample
e7afd6e83e2191b945771eeaf4915a865ff4f0a704bf8cfa4395f60466eba645.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
Target: e7afd6e83e2191b945771eeaf4915a865ff4f0a704bf8cfa4395f60466eba645.dll
Size: 725KB
MD5: 8b604e09fdbae6bb46e682dd68fe9fc3
SHA1: 7372fffe22d5c048d63627a513f334525ece0dcc
SHA256: e7afd6e83e2191b945771eeaf4915a865ff4f0a704bf8cfa4395f60466eba645
SHA512: 1d0adaf8ca4f79b473f9e8e71bda1e7a953729d0b32f4b6a9cde655936fe0d021d50ee1cdad199d7107803678339c7aa7a6968ddf62604b50f8358b0ba1eb3d9
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 796 wrote to memory of 1192 | 796 | rundll32.exe | rundll32.exe
PID 796 wrote to memory of 1192 | 796 | rundll32.exe | rundll32.exe
PID 796 wrote to memory of 1192 | 796 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7afd6e83e2191b945771eeaf4915a865ff4f0a704bf8cfa4395f60466eba645.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7afd6e83e2191b945771eeaf4915a865ff4f0a704bf8cfa4395f60466eba645.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1192-114-0x0000000000000000-mapping.dmp