Analysis
- max time kernel: 13s
- max time network: 119s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 18-05-2021 12:47
Static task
static1
Behavioral task
behavioral1
Sample
981f2016fca94ac87569dfa68bd21bb132cee34b6a3cd2b9ac9ca4914c3f1880.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
- Target: 981f2016fca94ac87569dfa68bd21bb132cee34b6a3cd2b9ac9ca4914c3f1880.dll
- Size: 852KB
- MD5: afeef977b427a3de1b104bc3d2d9024a
- SHA1: 877679d55502a2f5d346f694c7939bec894f7fc5
- SHA256: 981f2016fca94ac87569dfa68bd21bb132cee34b6a3cd2b9ac9ca4914c3f1880
- SHA512: d7726ad5f36cf2e7e9ecad6b2b948cdc8653ffddc5affe36b8bd59fa5d2fcef1e8ba2555ec4c3572e35cdc806913677553e0e900046180c71d997381ad6c9602
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                        pid    process        target process
PID 3976 wrote to memory of 3852   3976   rundll32.exe   rundll32.exe
PID 3976 wrote to memory of 3852   3976   rundll32.exe   rundll32.exe
PID 3976 wrote to memory of 3852   3976   rundll32.exe   rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\981f2016fca94ac87569dfa68bd21bb132cee34b6a3cd2b9ac9ca4914c3f1880.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\981f2016fca94ac87569dfa68bd21bb132cee34b6a3cd2b9ac9ca4914c3f1880.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3852-114-0x0000000000000000-mapping.dmp