Analysis
max time kernel: 36s
max time network: 54s
platform: windows10_x64
resource: win10v20210408
submitted: 18-05-2021 07:47
Static task
static1
Behavioral task
behavioral1
Sample
a402fbca905611db3b8d3e0e518ed70edcc71dd3703ed6594f244aad5e5ec309.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
Target: a402fbca905611db3b8d3e0e518ed70edcc71dd3703ed6594f244aad5e5ec309.dll
Size: 741KB
MD5: 7c883afb9db0ab9dc3eda06afdfab410
SHA1: 9bc87095631020e6facf6d7544e8cb4354b5ba4b
SHA256: a402fbca905611db3b8d3e0e518ed70edcc71dd3703ed6594f244aad5e5ec309
SHA512: 7ac83d5ae8a45c4bea6c1f5b179926fe12881105c7e6531f7d4774197782304d87ab007aa078649f1ff5aba25c26ebf5c2d19d9e9c3ebd861a701fcf31263a86
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2988 wrote to memory of 948 | 2988 | rundll32.exe | rundll32.exe
PID 2988 wrote to memory of 948 | 2988 | rundll32.exe | rundll32.exe
PID 2988 wrote to memory of 948 | 2988 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a402fbca905611db3b8d3e0e518ed70edcc71dd3703ed6594f244aad5e5ec309.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a402fbca905611db3b8d3e0e518ed70edcc71dd3703ed6594f244aad5e5ec309.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/948-114-0x0000000000000000-mapping.dmp