Analysis

  • max time kernel
    40s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-12-2022 10:58

General

  • Target

    a79eb1046d1b1e5f4cc3eab5444290c823f54caaec5d28ce6831b837e47c3349.dll

  • Size

    40KB

  • MD5

    86598e2c89eb85efdd01fd894913a6b6

  • SHA1

    972bbd3ae06821325627dd97c5af9116ff4284fb

  • SHA256

    a79eb1046d1b1e5f4cc3eab5444290c823f54caaec5d28ce6831b837e47c3349

  • SHA512

    6612f4f22d47421938e8205f2a45efe8d8361ca5376e71b48816155da9573e25a25502d55d71c69a6dd892c6a36262bcf231ee644f3034db01113cb70d93685d

  • SSDEEP

    768:8QHKX4xM6FATIN5CS14dSGmDYhC5GxEoD5A:8QMkATIN5z14U3DIsGyo

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a79eb1046d1b1e5f4cc3eab5444290c823f54caaec5d28ce6831b837e47c3349.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a79eb1046d1b1e5f4cc3eab5444290c823f54caaec5d28ce6831b837e47c3349.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1884
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 228
        3⤵
        • Program crash
        PID:1448
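
The process tree above shows the 64-bit C:\Windows\system32\rundll32.exe spawning its SysWOW64 copy with the same command line (the hand-off rundll32 performs for a 32-bit DLL), the DLL being invoked by export ordinal #1 from the user's Temp directory, and WerFault.exe then starting with "-p 1884", the PID of the 32-bit rundll32, so the crash happened inside the loader rather than in a further child. As an added example that is not part of the report, the Python below takes those three rows (constructed here from the tree; the row layout and function names are assumptions for this example, not the sandbox's own data model), rebuilds the parent map from the nesting depth, flags rundll32 loading a Temp DLL by ordinal, and correlates WerFault's -p PID with the flagged loader.

```python
import re
from typing import Optional

# Constructed sample: the three rows of the process tree above as
# (depth, PID, image, command line, signatures). Depth comes from the
# 1 / 2 / 3 nesting markers in the report.
SAMPLE_PROCESSES = [
    (1, 1888, r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\a79eb1046d1b1e5f4cc3eab5444290c823f54caaec5d28ce6831b837e47c3349.dll,#1",
     ["Suspicious use of WriteProcessMemory"]),
    (2, 1884, r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\a79eb1046d1b1e5f4cc3eab5444290c823f54caaec5d28ce6831b837e47c3349.dll,#1",
     ["Suspicious use of WriteProcessMemory"]),
    (3, 1448, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 228",
     ["Program crash"]),
]

# rundll32 <path>.dll,<entry>  where entry is "#ordinal" or an export name
RUNDLL32_RE = re.compile(
    r"^(?:.*\\)?rundll32\.exe\s+(?P<dll>.+?\.dll),(?P<entry>#\d+|[A-Za-z_]\w*)\s*$",
    re.IGNORECASE,
)
# WerFault.exe ... -p <pid> ...  names the process that crashed
WERFAULT_PID_RE = re.compile(r"\bWerFault\.exe\b.*\s-p\s+(?P<pid>\d+)", re.IGNORECASE)
USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


def build_parent_map(rows):
    """Recover parent PIDs from the depth markers: a row's parent is the
    most recent earlier row with a smaller depth."""
    parents = {}
    stack = []  # (depth, pid) of the current ancestry chain
    for depth, pid, *_ in rows:
        while stack and stack[-1][0] >= depth:
            stack.pop()
        parents[pid] = stack[-1][1] if stack else None
        stack.append((depth, pid))
    return parents


def rundll32_temp_ordinal(cmdline: str):
    """Return (dll_path, ordinal) when rundll32 loads a DLL from a user's
    Temp directory by export ordinal, else None. Named exports and DLLs
    outside Temp are not flagged."""
    m = RUNDLL32_RE.match(cmdline)
    if not m or not USER_TEMP_RE.search(m.group("dll")):
        return None
    entry = m.group("entry")
    if not entry.startswith("#"):
        return None
    return m.group("dll"), int(entry[1:])


def werfault_target(cmdline: str) -> Optional[int]:
    """PID given to WerFault's -p switch, i.e. the crashed process."""
    m = WERFAULT_PID_RE.search(cmdline)
    return int(m.group("pid")) if m else None


def analyze(rows):
    parents = build_parent_map(rows)
    loaders = {}        # pid -> (dll, ordinal) for flagged rundll32 rows
    crash_targets = {}  # WerFault pid -> crashed pid
    for _depth, pid, _image, cmdline, _sigs in rows:
        hit = rundll32_temp_ordinal(cmdline)
        if hit:
            loaders[pid] = hit
        target = werfault_target(cmdline)
        if target is not None:
            crash_targets[pid] = target
    # A WerFault row whose -p PID is both its own parent and a flagged
    # loader confirms the loader itself crashed, not some child of it.
    crashed_loaders = sorted(
        t for wer, t in crash_targets.items()
        if t in loaders and parents.get(wer) == t
    )
    return {
        "parents": parents,
        "loaders": loaders,
        "crash_targets": crash_targets,
        "crashed_loaders": crashed_loaders,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_PROCESSES)
    for pid, (dll, ordinal) in result["loaders"].items():
        print(f"PID {pid}: rundll32 loads {dll} by ordinal #{ordinal}")
    for wer, target in result["crash_targets"].items():
        print(f"PID {wer}: WerFault for PID {target}")
    print("crashed loaders:", result["crashed_loaders"])
```

On this sample both rundll32 PIDs (1888 and 1884) are flagged, WerFault 1448 points at 1884, and 1884 is reported as the crashed loader. The same three checks apply unchanged to Sysmon event 1 or EDR process-creation telemetry, where the parent PID is already present and build_parent_map can be skipped.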

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1448-56-0x0000000000000000-mapping.dmp

  • memory/1884-54-0x0000000000000000-mapping.dmp

  • memory/1884-55-0x0000000075811000-0x0000000075813000-memory.dmp

    Filesize

    8KB