Analysis
max time kernel: 36s
max time network: 49s
platform: windows10_x64
resource: win10v20210408
submitted: 18-05-2021 11:57
Static task: static1
Behavioral task: behavioral1
Sample: 1ca4ab13a9181f897702dbee23a154d8f552bb147d39c2dee3f0e1f3d9a444a9.dll
Resource: win7v20210408 (windows7_x64), 0 signatures, 0 seconds
General
Target: 1ca4ab13a9181f897702dbee23a154d8f552bb147d39c2dee3f0e1f3d9a444a9.dll
Size: 1013KB
MD5: afbd34604bd8366e510f4f61cd3df112
SHA1: 16193d2e0bee2d99ad62f91d92177f8730601e55
SHA256: 1ca4ab13a9181f897702dbee23a154d8f552bb147d39c2dee3f0e1f3d9a444a9
SHA512: 5d9db070e7cb2c5a3dc7189c71aac849aea08bf93828c370819ff4c34d74cea0662e3baad2cdb62987999f4679fd261524b0d54296d7ee726229b0337ca25027
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 804 wrote to memory of 1556 | 804 | rundll32.exe | rundll32.exe
PID 804 wrote to memory of 1556 | 804 | rundll32.exe | rundll32.exe
PID 804 wrote to memory of 1556 | 804 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ca4ab13a9181f897702dbee23a154d8f552bb147d39c2dee3f0e1f3d9a444a9.dll,#1
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe (child of process 1)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ca4ab13a9181f897702dbee23a154d8f552bb147d39c2dee3f0e1f3d9a444a9.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/1556-114-0x0000000000000000-mapping.dmp