f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f | Triage

Analysis

max time kernel
121s
max time network
141s
platform
windows10_x64
resource
win10-en-20211208
submitted
24-01-2022 00:41

Sharing

Report Analysis Logs

General

Target

f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f.dll
Size

115KB
MD5

77c190d6eff1be7b709126dc1bbf6b06
SHA1

4ebe857ebcade6858165c090f613273a5f5f9e8e
SHA256

f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f
SHA512

177ae0711fb57138554589ad405e30ad1f10b9006dc64d8e8305365d11d886cc3d8845bdb473da3b69d0eb9eb762f20943a7ba5fb3947edf5c283362b7d59863

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3924 wrote to memory of 3732	3924	rundll32.exe	rundll32.exe
PID 3924 wrote to memory of 3732	3924	rundll32.exe	rundll32.exe
PID 3924 wrote to memory of 3732	3924	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3924

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f.dll,#1
2⤵
PID:3732

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...