Analysis
-
max time kernel
91s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
04/10/2022, 03:29
General
-
Target
0af6c657ed1f83d37794a81a079d9e7b105389ed83c9866e4fee3dc3339b10be.dll
-
Size
16KB
-
MD5
5c1629e63a49a8a2b52f09101ccfcaea
-
SHA1
0e521635cebd5760f3b49d592f4fdd7d2b75c080
-
SHA256
0af6c657ed1f83d37794a81a079d9e7b105389ed83c9866e4fee3dc3339b10be
-
SHA512
270abd373c0520ce8ae01970745c427ea3a9cd53de2f614eb842974afe8874bb4973802066c4a860dece9309f14520068b4487e94768e4a3dc9b4ddc2c65b4cb
-
SSDEEP
384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzlh:SYW6rGpUIJmLNlXFbb
Score
8/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0af6c657ed1f83d37794a81a079d9e7b105389ed83c9866e4fee3dc3339b10be.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0af6c657ed1f83d37794a81a079d9e7b105389ed83c9866e4fee3dc3339b10be.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 6003⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3476 -ip 34761⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB