Analysis

  • max time kernel
    93s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2022 20:04

General

  • Target

    53072a24e3b1f2fe1816db6e385fa99103cd0516cff666af8779a929dc32543a.dll

  • Size

    392KB

  • MD5

    002054a312db2f55beff69ca1f7c2740

  • SHA1

    fc091b63b6e4a8e44e2b410aa97379184f952f28

  • SHA256

    53072a24e3b1f2fe1816db6e385fa99103cd0516cff666af8779a929dc32543a

  • SHA512

    1de93a22ddd2577afbc08570b60c7ea4219cead9605dc11ae71b5c1a845005774493c79e879738f46111d707ec9bbea34e9842d9d91961917ca3cce69b9c8d7c

  • SSDEEP

    12288:0Im/AaYTxHj5VHkFf0PXtWhwUQtmO5zlCSCUXt:0Im/AzHj5mw9KwEOdlaU

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\53072a24e3b1f2fe1816db6e385fa99103cd0516cff666af8779a929dc32543a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\53072a24e3b1f2fe1816db6e385fa99103cd0516cff666af8779a929dc32543a.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4736
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        PID:3176
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 264
          4⤵
          • Program crash
          PID:1160
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3176 -ip 3176
    1⤵
      PID:4480

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\rundll32mgr.exe

      Filesize

      105KB

      MD5

      00260063013db3be7280fe6c8bebcdee

      SHA1

      5a8726718029414951def556bdb685d8295a72aa

      SHA256

      8fddaaf95eddde603fe991804addbe202f908c291d02f63108bf111ff73b2914

      SHA512

      802c81f12d5d06c8facf8c86c1f1f9a65673cefb59d87eb562e1126175ec7f3d6ee8c082eec7297566568150304899c64f9d7fb597307e7a7056a2f5258e211b

    • C:\Windows\SysWOW64\rundll32mgr.exe

      Filesize

      105KB

      MD5

      00260063013db3be7280fe6c8bebcdee

      SHA1

      5a8726718029414951def556bdb685d8295a72aa

      SHA256

      8fddaaf95eddde603fe991804addbe202f908c291d02f63108bf111ff73b2914

      SHA512

      802c81f12d5d06c8facf8c86c1f1f9a65673cefb59d87eb562e1126175ec7f3d6ee8c082eec7297566568150304899c64f9d7fb597307e7a7056a2f5258e211b

    • memory/3176-133-0x0000000000000000-mapping.dmp

    • memory/3176-136-0x0000000000400000-0x0000000000465000-memory.dmp

      Filesize

      404KB

    • memory/4736-132-0x0000000000000000-mapping.dmp