Overview

overview

10

Static

static

10

3c0bf9bc0e...f1.dll

windows7_x64

3

3c0bf9bc0e...f1.dll

windows10-2004_x64

3

Analysis

  • max time kernel
    38s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    03-07-2022 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1.dll

  • Size

    199KB

  • MD5

    4fe2b62d9b3ea999aef94d5cfc8158f1

  • SHA1

    eaa0e61560812a432287667e81eeb8070edfc830

  • SHA256

    3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1

  • SHA512

    47b1ddc2593100fbf5a039fb1a9337921cf4278eef0141af4071cd52bb2ae7da4212420d625a8a366b0e36aa0483ee8f95cf4af01fe4d66e01d69b1dbbdcc193

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1388
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 244
        3⤵
        • Program crash
        PID:240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/240-56-0x0000000000000000-mapping.dmp
    Download
  • memory/1388-54-0x0000000000000000-mapping.dmp
    Download
  • memory/1388-55-0x0000000075E41000-0x0000000075E43000-memory.dmp
    Filesize

    8KB

    Download