Analysis

  • max time kernel
    35s
  • max time network
    120s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-06-2021 19:48

General

  • Target

    idu567.tmp.dll

  • Size

    1.6MB

  • MD5

    18c3793f2df5ae48b55a9a1825b1c1fb

  • SHA1

    8e90dc300bb91dd6ce57566116b156e3473cf646

  • SHA256

    43e35aa1486b2cd51237520eb1b0b02fb46f0f3b135622e66b7438684429441c

  • SHA512

    1ebe4bbb0fd571e5d712e52b47012de1eb587008a59e1e1f3fe69ae8a9637e5466d9d8c2c0887d733734f77909e5530307c564b2218b895b88657455e49a47a0

Score
10/10

Malware Config

Signatures

  • DarkVNC

    DarkVNC is a malicious version of the famous VNC software.

  • DarkVNC Payload 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\idu567.tmp.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\idu567.tmp.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:4868
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe
        3⤵
          PID:2432

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2432-121-0x00000195FA8A0000-0x00000195FAB99000-memory.dmp

      Filesize

      3.0MB

    • memory/2432-120-0x00000195FA750000-0x00000195FA751000-memory.dmp

      Filesize

      4KB

    • memory/4868-115-0x0000000073660000-0x00000000736EA000-memory.dmp

      Filesize

      552KB

    • memory/4868-116-0x0000000073660000-0x00000000738A3000-memory.dmp

      Filesize

      2.3MB

    • memory/4868-117-0x0000000003470000-0x0000000003471000-memory.dmp

      Filesize

      4KB