Overview

overview

3

Static

static

wow64_micr...xe.dll

windows7-x64

1

wow64_micr...xe.dll

windows10-2004-x64

1

wow64_micr...xe.dll

windows7-x64

1

wow64_micr...xe.dll

windows10-2004-x64

1

wow64_micr...xe.dll

windows7-x64

1

wow64_micr...xe.dll

windows10-2004-x64

1

wow64_micr...xe.dll

windows7-x64

1

wow64_micr...xe.dll

windows10-2004-x64

1

wow64_micr...xe.dll

windows7-x64

1

wow64_micr...xe.dll

windows10-2004-x64

1

wow64_micr...st.exe

windows7-x64

wow64_micr...st.exe

windows10-2004-x64

wow64_micr...es.dll

windows7-x64

1

wow64_micr...es.dll

windows10-2004-x64

1

wow64_micr...se.dll

windows7-x64

1

wow64_micr...se.dll

windows10-2004-x64

1

wow64_micr...in.dll

windows7-x64

1

wow64_micr...in.dll

windows10-2004-x64

3

wow64_micr...ts.dll

windows7-x64

1

wow64_micr...ts.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    75s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-09-2022 06:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wow64_microsoft-windows-s..ertificates-utility_31bf3856ad364e35_10.0.22621.1_none_f4e8223852c8cdb8_fvecerts.dll

  • Size

    21KB

  • MD5

    d96c05b0f4f7770e8758671afcba84a3

  • SHA1

    5541120414fcba136f964406cd0bdb50520e0f4e

  • SHA256

    ac01aa5f81bbc997dff6089ad665ed1a506fed7d863ac68af5d3c16aaf1ae3f7

  • SHA512

    12cb2b5550abf60fb0551acd637a237fe38c74fe36de79d26005d994ca23ec40ef3ad47312244d47cd80c741db0a253440a7fef49b23daeb82782f24bb2ba3b1

  • SSDEEP

    384:2JXvhf3t7MCVNTlrlk7GgGlZ+mVsroXqAmpWmoHLqrQJNYWwvWOG:+fdTHlrlk7GnbyX3rQJNSI

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\wow64_microsoft-windows-s..ertificates-utility_31bf3856ad364e35_10.0.22621.1_none_f4e8223852c8cdb8_fvecerts.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\wow64_microsoft-windows-s..ertificates-utility_31bf3856ad364e35_10.0.22621.1_none_f4e8223852c8cdb8_fvecerts.dll,#1
      2⤵
        PID:4660

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4660-135-0x0000000000000000-mapping.dmp

      Download