Overview

overview

10

Static

static

10

9a3272b007...0a.dll

windows7_x64

3

9a3272b007...0a.dll

windows10-2004_x64

3

Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    07-06-2022 03:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a3272b007dd5ecdaf7418403c03eadbd253e2927e83859ae78740f28bda890a.dll

  • Size

    203KB

  • MD5

    1d8d086225b094ee00f3f4ef466cec6b

  • SHA1

    64a9a1eb833809ceaa756c83cec4e2cc93e509a8

  • SHA256

    9a3272b007dd5ecdaf7418403c03eadbd253e2927e83859ae78740f28bda890a

  • SHA512

    fe977bafa9e19319802f64f44a14bd0ecbec78d8478cdfff00029c9170fd88d1b92fca35b7e19a83af6269636f6403c0a145b78d8f63844cf17f56b5ea180a35

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a3272b007dd5ecdaf7418403c03eadbd253e2927e83859ae78740f28bda890a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:892
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a3272b007dd5ecdaf7418403c03eadbd253e2927e83859ae78740f28bda890a.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1788
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 232
        3⤵
        • Program crash
        PID:620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/620-56-0x0000000000000000-mapping.dmp
    Download
  • memory/1788-54-0x0000000000000000-mapping.dmp
    Download
  • memory/1788-55-0x00000000763B1000-0x00000000763B3000-memory.dmp
    Filesize

    8KB

    Download