Overview

overview

10

Static

static

10

add921ad49...ed.dll

windows7_x64

3

add921ad49...ed.dll

windows10-2004_x64

3

Analysis

  • max time kernel
    33s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    01-07-2022 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll

  • Size

    204KB

  • MD5

    e8c7ab1b9803790b955c6c7c8ea7ec65

  • SHA1

    0505f6dd1d54929e735bbe76d2c99694a8d481a6

  • SHA256

    add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced

  • SHA512

    6f61fcad9bd9e71f9e62b4632c93fce4bcac8fe3077677b7a0d614307403874aaf9bc6a005343b091d54aaf4840c34b1dd6d852b2e5d70a64531f7cad6657232

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 232
        3⤵
        • Program crash
        PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1664-56-0x0000000000000000-mapping.dmp
    Download
  • memory/2024-54-0x0000000000000000-mapping.dmp
    Download
  • memory/2024-55-0x00000000756E1000-0x00000000756E3000-memory.dmp
    Filesize

    8KB

    Download