Overview

overview

8

Static

static

15bbdcd1a4...4b.dll

windows7-x64

8

15bbdcd1a4...4b.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    154s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 03:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15bbdcd1a4d23d2119891e165069cc5c37b72bde9baa0e45045edaca6a3ab74b.dll

  • Size

    184KB

  • MD5

    805fa39cd1587424d07921ec9dec4450

  • SHA1

    1da0db43a69a2949db7ace9877ec4e5eeb8211b6

  • SHA256

    15bbdcd1a4d23d2119891e165069cc5c37b72bde9baa0e45045edaca6a3ab74b

  • SHA512

    718d05cd3b0ebc688069e0046e9c9a87d8cd4bc4844a22e1c1732b485569f00f74313f5bac2385a19f4df5aed262bbdd672e39e4da120d73753804e9ca99e6c0

  • SSDEEP

    1536:75hC1HTdf5oI2RqBxb90UFoED8wPYvHy3u1HuQNEnLlosXOTdgkEQzE+ACvBFHY/:/C1XLx0UFoO3wol+WmDHYevf2ynyF

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\15bbdcd1a4d23d2119891e165069cc5c37b72bde9baa0e45045edaca6a3ab74b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\15bbdcd1a4d23d2119891e165069cc5c37b72bde9baa0e45045edaca6a3ab74b.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:5060
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        PID:5088
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 272
          4⤵
          • Program crash
          PID:4548
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 608
        3⤵
        • Program crash
        PID:1724
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5060 -ip 5060
    1⤵
      PID:4480
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5088 -ip 5088
      1⤵
        PID:4668

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        125KB

        MD5

        15da6e81dd1d6ce9cde37a9ec659ef47

        SHA1

        485d5cc850d5426504fc7f5281d42d3d393ebef4

        SHA256

        ae74f487b66968ab3aa67daa32ac4a508d07966fefcaa7da0877bd2a257633c2

        SHA512

        923f45082459168bfd84f94e5afbe67a6ef861b4359f1d068c8d0f788e3425e0bd18a3ca8a4e244ec16dae78ebec368998ad6eaf9104a1ece4ab6b350360d28f

        Download Submit

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        125KB

        MD5

        15da6e81dd1d6ce9cde37a9ec659ef47

        SHA1

        485d5cc850d5426504fc7f5281d42d3d393ebef4

        SHA256

        ae74f487b66968ab3aa67daa32ac4a508d07966fefcaa7da0877bd2a257633c2

        SHA512

        923f45082459168bfd84f94e5afbe67a6ef861b4359f1d068c8d0f788e3425e0bd18a3ca8a4e244ec16dae78ebec368998ad6eaf9104a1ece4ab6b350360d28f

        Download Submit

      • memory/5060-136-0x0000000010000000-0x000000001002E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/5088-137-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB

        Download