Analysis

  • max time kernel
    60s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20220901-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    06-11-2022 21:02

General

  • Target

    7776748a26841ae3c40803cb4434f11cc0133992b70c47bee34521313f9832d5.dll

  • Size

    119KB

  • MD5

    0e2697b9bf1f449ed42b0e1c2a343260

  • SHA1

    5bf03c40ab0373c6b14a6e4aa9ed25bc933787d4

  • SHA256

    7776748a26841ae3c40803cb4434f11cc0133992b70c47bee34521313f9832d5

  • SHA512

    3bd393fcc07f782b67e1a8cc683240d027b00f41be147ec816f7c17cfaf334b83a9d5974ec92d5d2cc2fde6d378ec8d0569e803546ba25e0a97bdccdabe63d63

  • SSDEEP

    3072:jfiV+o1W31fvzs4d30uxxIuaC0ru8I+duQYwTeCQ:jq1WFXzs4d9xx3EtwQYwTBQ

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
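The "UPX packed file" signature above fires on packer artefacts in the PE. The following is an added example (not Triage's detector and not from the sample) showing the two cheapest checks a triage script can make on a submitted file: the section names stock UPX writes (UPX0/UPX1) and the "UPX!" magic it places in its l_info header just after the section table, plus the hash set the report lists so the bytes on disk can be matched against the IoCs. The PE images it parses are constructed in-memory stand-ins, not the real 119KB DLL; `build_sample_pe` exists only to make the example run offline.

```python
import hashlib
import struct

# Section names written by stock UPX; a "modified UPX" build (which the sandbox
# signature also covers) may rename these, so absence is not proof of a clean file.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table, return section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional        # COFF header is 20 bytes
    names = []
    for i in range(num_sections):
        off = table + i * 40                     # IMAGE_SECTION_HEADER is 40 bytes
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def is_upx_packed(data):
    """True if UPX section names are present or the 'UPX!' magic sits in the header area."""
    if any(n in UPX_SECTION_NAMES for n in pe_section_names(data)):
        return True
    return b"UPX!" in data[:0x1000]


def file_hashes(data):
    """Same digest set the report lists, so a local copy can be matched to the IoCs."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def build_sample_pe(section_names, upx_marker=False):
    """Constructed, non-executable PE image used only as test input for the parser above."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=i386, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics(DLL|EXE|32BIT)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x2102)
    optional = bytearray(0xE0)
    struct.pack_into("<H", optional, 0, 0x10B)   # PE32 magic
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(optional) + sections
    if upx_marker:
        image += b"UPX!"                         # where stock UPX's l_info magic lands
    return image


if __name__ == "__main__":
    packed = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], upx_marker=True)
    clean = build_sample_pe([b".text", b".rdata", b".data", b".rsrc"])
    print("packed:", is_upx_packed(packed), "clean:", is_upx_packed(clean))
    print(file_hashes(packed)["sha256"])
```

On a real submission, read the DLL with `open(path, "rb").read()`, compare `file_hashes(...)["sha256"]` with the SHA256 in the General section, and treat a UPX hit as a cue to unpack (`upx -d`) or dump the unpacked image from memory before static analysis, since the strings and imports of the packed file say little.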

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7776748a26841ae3c40803cb4434f11cc0133992b70c47bee34521313f9832d5.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3736
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\7776748a26841ae3c40803cb4434f11cc0133992b70c47bee34521313f9832d5.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        PID:804
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 264
          4⤵
          • Program crash
          PID:208
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 620
        3⤵
        • Program crash
        PID:1084
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3012 -ip 3012
    1⤵
    PID:444
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 804 -ip 804
    1⤵
    PID:3876
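The process tree above is the behaviour a detection engineer would want to encode: rundll32 loading a DLL from the user's Temp directory by ordinal (#1), the 32-bit rundll32 writing rundll32mgr.exe into SysWOW64 and executing it, and WerFault recording that both the dropper and the dropped EXE crashed. The code below is an added example, not part of the report or of any sandbox's rules; the events are constructed from the tree (image, command line, PID, parent PID and the one file write attested by "Drops file in System32 directory"), and the parent PID 1000 for the first rundll32 is a placeholder for the sandbox launcher, which the report does not name.

```python
import ntpath
import re
from dataclasses import dataclass

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\7776748a26841ae3c40803cb4434f11cc0133992b70c47bee34521313f9832d5.dll")


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass
class FileEvent:
    pid: int      # writer
    path: str


# Constructed from the report's process tree; ppid 1000 is a placeholder for the launcher.
SAMPLE_PROCS = [
    ProcEvent(3736, 1000, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1"),
    ProcEvent(3012, 3736, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1"),
    ProcEvent(804, 3012, r"C:\Windows\SysWOW64\rundll32mgr.exe", r"C:\Windows\SysWOW64\rundll32mgr.exe"),
    ProcEvent(208, 804, r"C:\Windows\SysWOW64\WerFault.exe", r"C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 264"),
    ProcEvent(1084, 3012, r"C:\Windows\SysWOW64\WerFault.exe", r"C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 620"),
]
SAMPLE_FILES = [FileEvent(3012, r"C:\Windows\SysWOW64\rundll32mgr.exe")]


def basename_lower(image):
    return ntpath.basename(image).lower()


def rundll32_temp_ordinal(procs):
    """PIDs of rundll32 instances loading a DLL from %LOCALAPPDATA%\\Temp and calling an export by ordinal."""
    hits = []
    for p in procs:
        if basename_lower(p.image) != "rundll32.exe":
            continue
        cl = p.cmdline.lower()
        if "\\appdata\\local\\temp\\" in cl and re.search(r"\.dll,#\d+", cl):
            hits.append(p.pid)
    return hits


def dropped_then_executed(procs, files):
    """Processes whose image under System32/SysWOW64 was written by one of their own ancestors."""
    by_pid = {p.pid: p for p in procs}
    writer_of = {f.path.lower(): f.pid for f in files}
    hits = []
    for p in procs:
        img = p.image.lower()
        if not img.startswith(SYSTEM_DIRS) or img not in writer_of:
            continue
        ancestors, anc = set(), by_pid.get(p.ppid)
        while anc is not None and anc.pid not in ancestors:   # cycle guard for PID reuse
            ancestors.add(anc.pid)
            anc = by_pid.get(anc.ppid)
        if writer_of[img] in ancestors:
            hits.append((p.pid, p.image, writer_of[img]))
    return hits


def crashed_processes(procs):
    """PIDs named by WerFault '-u -p <pid>' invocations, i.e. processes that crashed."""
    crashed = []
    for p in procs:
        if basename_lower(p.image) != "werfault.exe":
            continue
        m = re.search(r"-u -p (\d+)", p.cmdline)
        if m:
            crashed.append(int(m.group(1)))
    return crashed


if __name__ == "__main__":
    print("rundll32 temp/ordinal:", rundll32_temp_ordinal(SAMPLE_PROCS))
    print("dropped then executed:", dropped_then_executed(SAMPLE_PROCS, SAMPLE_FILES))
    print("crashed:", crashed_processes(SAMPLE_PROCS))
```

The ancestry walk matters because the write and the execution come from different PIDs here (3012 writes, 3012 spawns 804); keying only on "writer == parent" would still match this tree, but keying on the ancestor chain also catches a drop followed by an intermediate launcher. The crash of both 804 and 3012 means the sandbox run ended before any network behaviour, which is consistent with the empty Network section and is a reason to treat the 8/10 score as a packer-and-drop verdict rather than a full behavioural profile.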

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\SysWOW64\rundll32mgr.exe

    Filesize

    105KB

    MD5

    393c4ce895316ab40762ed6e5ac45d0b

    SHA1

    c3c16f65eb1af8362b009471e1a090395215df99

    SHA256

    1d151f17b9769434e7298a916a649d0d281bfba927dbe70b1bff5e1ba11936f8

    SHA512

    7208e3d8a5f7d2a78f73b5108def94e5724b0d1bf14f18fcdefb70861a55b116d8a989378bd3b86d700c210709f8cc727d76466583a93f34402aa5e68d55a430

  • memory/804-133-0x0000000000000000-mapping.dmp

  • memory/804-137-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

  • memory/3012-132-0x0000000000000000-mapping.dmp

  • memory/3012-136-0x0000000010000000-0x0000000010021000-memory.dmp

    Filesize

    132KB