Analysis
max time kernel: 125s
max time network: 125s
platform: windows10_x64
resource: win10-en-20211014
submitted: 26-10-2021 14:22
Behavioral task
behavioral1
Sample
3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0.bin.dll
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0.bin.dll
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
Target
3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0.bin.dll
Size
54KB
MD5
54ce84a286edaa47770e16d28b2f6d4c
SHA1
2b1fa03645cb1a5488ba8196389a1c899c48231e
SHA256
3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0
SHA512
bfc30ce682a5f0a2b31ab27d52b3119b8d35f5a888ca71c5b179e573c9be9aed1b78ce70730e9e4b28d97b8e649357e7f7d5cf946cd0b157445e8218cb460ef2
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2640 wrote to memory of 2700 | 2640 | rundll32.exe | rundll32.exe
PID 2640 wrote to memory of 2700 | 2640 | rundll32.exe | rundll32.exe
PID 2640 wrote to memory of 2700 | 2640 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0.bin.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d0173f7601169b76be9073a46c7f81335c19bcedb07aae411e3c8ff257d46b0.bin.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
memory/2700-115-0x0000000000000000-mapping.dmp