Overview

overview

3

Static

static

3

a9ff74f962...7a.dll

windows7-x64

1

a9ff74f962...7a.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    113s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-04-2024 01:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9ff74f9623544436a4ef08709bcc8c595e7df0ae61b82f5f46cbb0e7652f17a.dll

  • Size

    3KB

  • MD5

    b38b2c643b5445d3fb1d652fd761b652

  • SHA1

    8fc721339a522188c42dc923b12b70051c7d64d3

  • SHA256

    a9ff74f9623544436a4ef08709bcc8c595e7df0ae61b82f5f46cbb0e7652f17a

  • SHA512

    a1a0c8dc0fee8cc6e1a5be79d4ca973127696086334bd85c66bb23b5536d0153ea30c04c7d32992bc3a86df4211696c1c29fa18c31650e7854ff152b32f3f787

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9ff74f9623544436a4ef08709bcc8c595e7df0ae61b82f5f46cbb0e7652f17a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3988
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9ff74f9623544436a4ef08709bcc8c595e7df0ae61b82f5f46cbb0e7652f17a.dll,#1
      2⤵
        PID:5052
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3764 --field-trial-handle=3044,i,17059189006398306756,4247826696353232857,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:5060

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads