Overview

overview

10

Static

static

10

964-54-0x0...ry.dll

windows7-x64

3

964-54-0x0...ry.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    45s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2022 15:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    964-54-0x0000000180000000-0x0000000180009000-memory.dll

  • Size

    36KB

  • MD5

    063218fc08e3123a3f2217db820b170d

  • SHA1

    aa11032a2ed8d20b9364c6a3b869307ec1aa026d

  • SHA256

    3df18c9fd9731cb2b9f862d2bd4745c5371265971a7740d1593f776dfe72d798

  • SHA512

    4598796ae2e3a5eda16a1fda3624c37490f1e401b9fba878da3fc57fb512ef2f801202560b984c9373f6358c954f9874a1d1e7fdfc79eb16ea1b1c14a7082657

  • SSDEEP

    192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwdhuXBAQYfPq/3Kb4:h1Mf0gJSix2AA56RCiZV2GQYnq/6b

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\964-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1284 -s 56
      2⤵
      • Program crash
      PID:820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/820-54-0x0000000000000000-mapping.dmp
    Download