Overview

overview

3

Static

static

e80ff95c9c...64.dll

windows7-x64

1

e80ff95c9c...64.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    123s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2022, 10:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e80ff95c9cc9c077dad34cd652a96f83e9efd1c4f9714487fd51c721fc836e64.dll

  • Size

    112KB

  • MD5

    67000d63ed691b539bb95535cfe76114

  • SHA1

    7228d02f9e01adfd40a5cd1e005926f8a99263a5

  • SHA256

    e80ff95c9cc9c077dad34cd652a96f83e9efd1c4f9714487fd51c721fc836e64

  • SHA512

    6cfedeb20a40f044cf89138a227f959875a2ce063985560fc7f120ce2ef55795ad27edd43616f74bcfa3d445508ea9cb27bda0e1ad6dd37a323c48b025d02f99

  • SSDEEP

    3072:+gAG47YsyLGiB4Xu8Q5ddAPbbcSezwU861Iz:+gA7YsyyZe4PcVwFl

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e80ff95c9cc9c077dad34cd652a96f83e9efd1c4f9714487fd51c721fc836e64.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3472
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e80ff95c9cc9c077dad34cd652a96f83e9efd1c4f9714487fd51c721fc836e64.dll,#1
      2⤵
        PID:2132
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 644
          3⤵
          • Program crash
          PID:384
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2132 -ip 2132
      1⤵
        PID:3820

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads