Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    01-07-2022 05:02

General

  • Target

    c17325f4097a9a8fc2a190262222c61acae2274dc8f5a377128ddbf24f4d07aa.dll

  • Size

    199KB

  • MD5

    8b39bbd8e55cd54357c35186250dc7c4

  • SHA1

    f86db1a9d1407b2f02284617de1c745ce2a41a5f

  • SHA256

    c17325f4097a9a8fc2a190262222c61acae2274dc8f5a377128ddbf24f4d07aa

  • SHA512

    9c3325e6819828a838aaf7b3df6db753b0761ec70ca5a7fec9bddc6f5b3d9a80d420e52b4fab7cbe2faf1da83dfd899226ea122b1362364f841ce1992c144756

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c17325f4097a9a8fc2a190262222c61acae2274dc8f5a377128ddbf24f4d07aa.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c17325f4097a9a8fc2a190262222c61acae2274dc8f5a377128ddbf24f4d07aa.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1952
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 244
        3⤵
        • Program crash
        PID:2044

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1952-54-0x0000000000000000-mapping.dmp
  • memory/1952-55-0x0000000075DB1000-0x0000000075DB3000-memory.dmp
    Filesize

    8KB

  • memory/2044-56-0x0000000000000000-mapping.dmp