9b2e2365015a57836207c6c01ae9af5183d5f1dd26fce77909b1229585f57125

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 20:35 UTC

Target

9b2e2365015a57836207c6c01ae9af5183d5f1dd26fce77909b1229585f57125.dll
Size

1012KB
MD5

02fd39c4639ff1fdd869ac836acde0f6
SHA1

670a2b04058d9e381acb1ecba99b75cc71fc6b60
SHA256

9b2e2365015a57836207c6c01ae9af5183d5f1dd26fce77909b1229585f57125
SHA512

226f5b4cfe8798d978fa08773e5049233971f0eb0a87ec6db7a82aa14d3c29c26a3bf34858e27ecd153faf7e10230f692107e5fb6a37fb101a98a70241f1db34
SSDEEP

6144:fS44s8Wkco+60cg75jF2ymYw4CJWk1EoEbC:qSls+lRFllCJJ

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1344	rundll32.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\jmgiaerr.dll	rundll32.exe
File created	C:\Windows\SysWOW64\jmgiaerr.dll	rundll32.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b2e2365015a57836207c6c01ae9af5183d5f1dd26fce77909b1229585f57125.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b2e2365015a57836207c6c01ae9af5183d5f1dd26fce77909b1229585f57125.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  PID:1344

\Windows\SysWOW64\jmgiaerr.dll

Filesize
1.9MB

MD5
ff4530daab134726bcee060782f64c64

SHA1
b913cdd5db5bb4ab6474313d4910056181e4e7ef

SHA256
0b65c17a0a96389241af8c065fa34b3be26501399fff5cfe83919b623c613fd8

SHA512
b499b5fa1e24a5eb611058d3bea8abc8be7d6c328e1115bf33511732aac0bbc3d61f38d41adfb889f3952c9ad6b56b1f52699b0d2fd8d021b81870097446c2d7

Download Submit
memory/1344-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download
memory/1344-57-0x00000000001C0000-0x0000000000218000-memory.dmp

Filesize
352KB

Download
memory/1344-64-0x00000000000B0000-0x00000000000B7000-memory.dmp

Filesize
28KB

Download
memory/1344-69-0x0000000000220000-0x000000000025E000-memory.dmp

Filesize
248KB

Download
memory/1344-71-0x0000000000290000-0x00000000002E8000-memory.dmp

Filesize
352KB

Download
memory/1344-78-0x0000000000260000-0x0000000000267000-memory.dmp

Filesize
28KB

Download