Overview

overview

10

Static

static

10

f9d9a87e00...da.dll

windows7_x64

1

f9d9a87e00...da.dll

windows10_x64

10

Analysis

  • max time kernel
    137s
  • max time network
    168s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-01-2022 00:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9d9a87e00ec85047f0a85828cf5fb137c3e129ea172c3b5fa9058c2748014da.dll

  • Size

    166KB

  • MD5

    9b6fd908b479e506b97036d8cd655db4

  • SHA1

    ccf5d1df83fba4f013a56b589d1d5ee5e4e761f2

  • SHA256

    f9d9a87e00ec85047f0a85828cf5fb137c3e129ea172c3b5fa9058c2748014da

  • SHA512

    4ed0cedc753112b0e6a9238c1a709e1a8966b8d470c55ddc59b6cc262e9a7bc59c8542a68a9c74313401c27d712b5fb6060ea30dd1620221a64b0ae05d2a82b3

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9d9a87e00ec85047f0a85828cf5fb137c3e129ea172c3b5fa9058c2748014da.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4064
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9d9a87e00ec85047f0a85828cf5fb137c3e129ea172c3b5fa9058c2748014da.dll,#1
      2⤵
        PID:4020
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 868
          3⤵
          • Suspicious use of NtCreateProcessExOtherParentProcess
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4168

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4020-117-0x0000000000BD0000-0x0000000000BD1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4020-116-0x0000000000BC0000-0x0000000000BCA000-memory.dmp
      Filesize

      40KB

      Download
    • memory/4020-118-0x0000000001120000-0x0000000001143000-memory.dmp
      Filesize

      140KB

      Download