Analysis
max time kernel: 50s
max time network: 61s
platform: windows10_x64
resource: win10v20210408
submitted: 18-05-2021 08:08
Static task
static1
Behavioral task
behavioral1
Sample
668cd5d5dd94fdaa745891f0883d2858a692cf2ee00f7ce72f751734e30f84a4.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
Target: 668cd5d5dd94fdaa745891f0883d2858a692cf2ee00f7ce72f751734e30f84a4.dll
Size: 667KB
MD5: 63cb5fd5731c8c93387c439616dc55c7
SHA1: ef4f186e6015c43ce944ccdbeabaff2dded9d4fd
SHA256: 668cd5d5dd94fdaa745891f0883d2858a692cf2ee00f7ce72f751734e30f84a4
SHA512: b2db13745f93d28dd9144a82f24a9bf48b3450a45ade7541bee4688fe30dbfd8b94329c2521dcb4d61dbe79d126a55522193918432b0ca83dc56649f087322e0
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 380 wrote to memory of 1572 | 380 | rundll32.exe | rundll32.exe
PID 380 wrote to memory of 1572 | 380 | rundll32.exe | rundll32.exe
PID 380 wrote to memory of 1572 | 380 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\668cd5d5dd94fdaa745891f0883d2858a692cf2ee00f7ce72f751734e30f84a4.dll,#11
  Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\668cd5d5dd94fdaa745891f0883d2858a692cf2ee00f7ce72f751734e30f84a4.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1572-114-0x0000000000000000-mapping.dmp