Analysis
-
max time kernel
35s -
max time network
120s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
30-06-2021 19:48
General
-
Target
idu567.tmp.dll
-
Size
1.6MB
-
MD5
18c3793f2df5ae48b55a9a1825b1c1fb
-
SHA1
8e90dc300bb91dd6ce57566116b156e3473cf646
-
SHA256
43e35aa1486b2cd51237520eb1b0b02fb46f0f3b135622e66b7438684429441c
-
SHA512
1ebe4bbb0fd571e5d712e52b47012de1eb587008a59e1e1f3fe69ae8a9637e5466d9d8c2c0887d733734f77909e5530307c564b2218b895b88657455e49a47a0
Score
10/10
Malware Config
Signatures
-
DarkVNC
DarkVNC is a malicious version of the famous VNC software.
-
DarkVNC Payload 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\idu567.tmp.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\idu567.tmp.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe3⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2432-118-0x0000000000000000-mapping.dmp
-
memory/2432-121-0x00000195FA8A0000-0x00000195FAB99000-memory.dmpFilesize
3.0MB
-
memory/2432-120-0x00000195FA750000-0x00000195FA751000-memory.dmpFilesize
4KB
-
memory/4868-114-0x0000000000000000-mapping.dmp
-
memory/4868-115-0x0000000073660000-0x00000000736EA000-memory.dmpFilesize
552KB
-
memory/4868-116-0x0000000073660000-0x00000000738A3000-memory.dmpFilesize
2.3MB
-
memory/4868-117-0x0000000003470000-0x0000000003471000-memory.dmpFilesize
4KB