43a1c18af9fd05064e90c71f096262524ca181aa98df211c2365396067e9994b | Triage

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-09-2022 18:29

Sharing

Report Analysis Logs

General

Target

uOAxPaiprCVzvn.dll
Size

3.6MB
MD5

60658cdb2f273a1a9c18ee8ff5118112
SHA1

d4665150bec840c6e8be62c2c6cdebc42ef5ea19
SHA256

ded7c0c21ca7f16e70ed2b1a774bab54019d6b3fb865677eba254edeafd7b91e
SHA512

05989c1aefce87569dfe31de09507ec965123e8b776db237c8c974cebe8c5c275858ccfbcec3124e5fc0450442afac0d2a08cee3919ac9bc68e19c06128c46e6
SSDEEP

24576:Q4kkbEgHWUYr/Ql/V6+Zr0dyFMftqscMOdIYro8u6c4KCtrw9:QhkbEg29sl6O

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1940	1960	WerFault.exe	15

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\uOAxPaiprCVzvn.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1960 -s 84
  2⤵
  - Program crash
  PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads