Overview

overview

8

Static

static

8

3d9dddab9e...59.dll

windows7-x64

1

3d9dddab9e...59.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    93s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-10-2022 04:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d9dddab9e3c4ccd311fed565ccaa4dac43b7cde2f9d3dde839832533027f059.dll

  • Size

    81KB

  • MD5

    93542c914b1ad6be3ac65f6e56d3ab80

  • SHA1

    2bba4b96ea9b5c3286f9d9cc19c17d29d9bfbc59

  • SHA256

    3d9dddab9e3c4ccd311fed565ccaa4dac43b7cde2f9d3dde839832533027f059

  • SHA512

    68da82c145c8744e950081d4b263adc66e978428225ff6260d6a15be77eecdd8838b3cca5f89c23f65ef2c043b6b1f16ad769080e9e093979a80853d6ae96cd4

  • SSDEEP

    1536:LSXbPpBUumBl7wNS/xpP0uE5RTzuQeRPEatdmiPNlc8NTGlU9ve:4LpaMSm5RTiQeZEKmCNlFzF

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d9dddab9e3c4ccd311fed565ccaa4dac43b7cde2f9d3dde839832533027f059.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5068
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d9dddab9e3c4ccd311fed565ccaa4dac43b7cde2f9d3dde839832533027f059.dll,#1
      2⤵
        PID:4444
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 544
          3⤵
          • Program crash
          PID:4640
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4444 -ip 4444
      1⤵
        PID:4924

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4444-132-0x0000000000000000-mapping.dmp

        Download

      • memory/4444-133-0x0000000010000000-0x000000001001A000-memory.dmp

        Filesize

        104KB

        Download