Analysis
-
max time kernel
121s -
max time network
178s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
10-09-2022 14:42
General
-
Target
packages/Program Files (x86)/VstPlugins/FL Studio VSTi.dll
-
Size
2.3MB
-
MD5
1c1cb10232e973e50a8f3ebdefdd838c
-
SHA1
bbe8e2f52d22609342ade9349e87319d81e82beb
-
SHA256
4cde6dc9770c903a931a6e23f4c5ddb6793772b53d233d3b33d2482a29272233
-
SHA512
852c553c1806f3058e234ffc1b2846ae0e9991ee587208bc1565c14d9625578f64008cdaccadd071f165c5cf8c550aeeff244013811d2403014f2a8aa5ac2508
-
SSDEEP
24576:gacqwzcGeFEYYena94frJXZfHZhR2OKu4r+MeTKirXGWdXg3uD02+KMwMn4xoIT5:1ocfHKt8KirXZw3I02+KMw+4dTb2iIO
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\packages\Program Files (x86)\VstPlugins\FL Studio VSTi.dll",#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\packages\Program Files (x86)\VstPlugins\FL Studio VSTi.dll",#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 6923⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4656 -ip 46561⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4656-132-0x0000000000000000-mapping.dmp
-
memory/4656-133-0x0000000001F70000-0x00000000021D3000-memory.dmpFilesize
2.4MB
-
memory/4656-134-0x0000000001F71000-0x0000000002159000-memory.dmpFilesize
1.9MB