a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 19:23

Sharing

Report Analysis Logs

General

Target

a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll
Size

26KB
MD5

bb40bbbd3b69e0eb802c42d2506b6754
SHA1

bf80e329cba134ccd96f9572d2c0bf250515c26e
SHA256

a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5
SHA512

712d114aa05d73246fb607039e8875db4f481050c00f1909dd9625b2ef35303976e7c96bc7b6ab861781458f33985bc679d88009a567103e6aadf334ea20b270

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

rundll32.exe

pid process

900 rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1228 wrote to memory of 900	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 900	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 900	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 900	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 900	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 900	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 900	1228	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll,#1
2⤵
- Deletes itself
PID:900

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/900-54-0x0000000000000000-mapping.dmp

Download
memory/900-55-0x00000000751C1000-0x00000000751C3000-memory.dmp

Filesize
8KB

Download