Analysis
- max time kernel: 95s
- max time network: 117s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 18-05-2021 08:09
Static task
static1
Behavioral task
behavioral1
Sample
a360492ba0d3bb8319a9ec6d014d41fc9d03a2c3d21c0f48e9eda6844807bd1c.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
- Target: a360492ba0d3bb8319a9ec6d014d41fc9d03a2c3d21c0f48e9eda6844807bd1c.dll
- Size: 863KB
- MD5: 565a2c3aaa8d3f3dfc3e936800caf628
- SHA1: 3b103c5c3a7b95dc89a9568436c9a1a8b2d9048f
- SHA256: a360492ba0d3bb8319a9ec6d014d41fc9d03a2c3d21c0f48e9eda6844807bd1c
- SHA512: 5011231c69583cc2843298dd996fdd93ddd6290b5182199c5fc108941ba89a8bb8b1ccbe444ad01df3038df07edc2cb6cccf1839968c60633e327e04b57aba2e
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 3 IoCs
  Processes: rundll32.exe
  description                      pid   process       target process
  PID 4008 wrote to memory of 648  4008  rundll32.exe  rundll32.exe
  PID 4008 wrote to memory of 648  4008  rundll32.exe  rundll32.exe
  PID 4008 wrote to memory of 648  4008  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a360492ba0d3bb8319a9ec6d014d41fc9d03a2c3d21c0f48e9eda6844807bd1c.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a360492ba0d3bb8319a9ec6d014d41fc9d03a2c3d21c0f48e9eda6844807bd1c.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/648-114-0x0000000000000000-mapping.dmp