Analysis
-
max time kernel
91s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
21-05-2022 14:57
General
-
Target
Perl510.dll
-
Size
924KB
-
MD5
dbf8b9ab8ae650d5b452240c0e9c90df
-
SHA1
1215872c6f7306d6ba14133eb706483f04445885
-
SHA256
9c7feb98fb5804f1f80dd03db1f84a06b68ea6043d2d34ab53edce82b83827b2
-
SHA512
f9ab16d7946f4dfab4abbe368d6863dbaa1e0c49b6b051ff44eecdf0053ee0d1204272b08ffc925d76335874ca1099ebebc84ba80be3aa9c9bd5e5007a62d3a9
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Perl510.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Perl510.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 6003⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3092 -ip 30921⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3092-130-0x0000000000000000-mapping.dmp
-
memory/3092-131-0x0000000077800000-0x00000000779A3000-memory.dmpFilesize
1.6MB
-
memory/3092-132-0x0000000077070000-0x0000000077285000-memory.dmpFilesize
2.1MB