6b2e4c9b0579938ce73bd39874b58a8f67c24f49a188f1f0ae6bcde26fb8b084 | Triage

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-11-2022 21:42

Sharing

Report Analysis Logs

General

Target

BOiQKiECaUzWqF.dll
Size

885KB
MD5

df097341b231b1f68d9447a8a36f367b
SHA1

ef1bf0b295ff089febb3e4362d7c0d46431de842
SHA256

9bb35cecb773eb4a9545820b8328ccebc07843ec2cdfa60f2a1f78c90489d5b1
SHA512

a13dab104405ed2305b14a9b79eacbbcca66f98147841c2696bf1cea2849664c033f082f355380f4b245111283697219e1dfd0ce42f6919e27197c488e824714
SSDEEP

24576:aLqITcNf0GMRydz8bUdO9Uf4fj80xAwpncebwRbc:YqIghyYzmWyFFp1w

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
836	1668	WerFault.exe	15

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 836	1668	rundll32.exe	27
PID 1668 wrote to memory of 836	1668	rundll32.exe	27
PID 1668 wrote to memory of 836	1668	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BOiQKiECaUzWqF.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1668 -s 84
  2⤵
  - Program crash
  PID:836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads