9f07b4d361df4a1b71c08e3686c45af62069c776d652f8d055bd05c9eebd82f6 | Triage

Analysis

max time kernel
2s
max time network
1s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
19-01-2022 14:19

Sharing

Report Analysis Logs

General

Target

9f07b4d361df4a1b71c08e3686c45af62069c776d652f8d055bd05c9eebd82f6.dll
Size

628KB
MD5

1a12c2f532fc10f7ccbfac3cc235d194
SHA1

0fbd241ef0b044059b18d2a898fd0b86ebc3e783
SHA256

9f07b4d361df4a1b71c08e3686c45af62069c776d652f8d055bd05c9eebd82f6
SHA512

b87bc4d7737cae8dbd6295855f8e8e71ce1cf0a085231cbce984a324ce21c20adbd7f99a6feb137ddf3d955b0d3f8d4d7e153d428d5705e941b3f3a1b904dd78

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2992 wrote to memory of 3180	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3180	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3180	2992	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f07b4d361df4a1b71c08e3686c45af62069c776d652f8d055bd05c9eebd82f6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f07b4d361df4a1b71c08e3686c45af62069c776d652f8d055bd05c9eebd82f6.dll,#1
2⤵
PID:3180

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...