Overview

overview

3

Static

static

33b30b23f1...ry.dll

windows7-x64

3

33b30b23f1...ry.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    406s
  • max time network
    411s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/10/2022, 05:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33b30b23f1f52442b5e794d13e204b424ad0e47717017fca0531abff0f5c1bcd_dump_0x20010000_secondary.dll

  • Size

    52KB

  • MD5

    333ebe3a81f9c77fc09ab7d72baf057d

  • SHA1

    51d46f2af66d3db32be1f69e329e2df742e6d389

  • SHA256

    5503d1db4e4f1f776321c52be76e24586361cce72b50f9f915f57ff04956e51b

  • SHA512

    9bf16dd0914604c53a5cd8dee3bfea274fceb757e929564dcbff15acf3c63f10d07c5965d261f9f6d00a9bd537ff667959465ddc7586c4b27cdf7a75e4b33240

  • SSDEEP

    768:/lYOW76wzWmadEWdTf0tvoE4L30Fc4stWt:/u76zCqEk3V3

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\33b30b23f1f52442b5e794d13e204b424ad0e47717017fca0531abff0f5c1bcd_dump_0x20010000_secondary.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\33b30b23f1f52442b5e794d13e204b424ad0e47717017fca0531abff0f5c1bcd_dump_0x20010000_secondary.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1172
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 196
        3⤵
        • Program crash
        PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1172-55-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

    Filesize

    8KB

    Download