Overview

overview

8

Static

static

8

db34611ba6...f2.dll

windows7-x64

1

db34611ba6...f2.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 18:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    db34611ba6735213567cbf2e5479941e612a2d8bfda7c781d52149dc1778cef2.dll

  • Size

    111KB

  • MD5

    01f99b4674b27e41b1ba3bc8942e33e3

  • SHA1

    34ce987c7e716e85f9bb5f3ef9d8e91ee5eae9b0

  • SHA256

    db34611ba6735213567cbf2e5479941e612a2d8bfda7c781d52149dc1778cef2

  • SHA512

    8028f76a68db7ab233271ef04f2644aafd2ab93cf3b9a1c7d6fb6569389be59e5aafd6e12e07f76ea1b139fe1d7b30ef1136996bbdab8e808244a25813ab6d0e

  • SSDEEP

    1536:VhAln6fjYuvecqb0MbubkFN6xdgjbWqPayNdnKmwyNXs4J397hw056IDgwpvgdho:O6fVvrqJbFmibWqPaO7z1s+3P5HzM3K

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\db34611ba6735213567cbf2e5479941e612a2d8bfda7c781d52149dc1778cef2.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5056
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\db34611ba6735213567cbf2e5479941e612a2d8bfda7c781d52149dc1778cef2.dll,#1
      2⤵
        PID:5016
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 572
          3⤵
          • Program crash
          PID:1276
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5016 -ip 5016
      1⤵
        PID:5088

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/5016-133-0x0000000010000000-0x000000001000D000-memory.dmp

              Filesize

              52KB

              Download