Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 06:51
General
-
Target
cbe2bc958374e1cb99cb594fc507ad59da89191920fc9623e39436d6992a3244.dll
-
Size
170KB
-
MD5
d08fbab858936a0d559a2184e3419daa
-
SHA1
29ae3c8055a3ba2a4c0f24b03b9674ffd8d328cc
-
SHA256
cbe2bc958374e1cb99cb594fc507ad59da89191920fc9623e39436d6992a3244
-
SHA512
f4bd3c8afb23528f6ca7c198402592c4df7b4e872adf79d03f4f7b7f0736928f4d0fdbb5056bd6ae172c0a3f85033cbf7dcca728d2e9b6973cb8adbf4d73986c
-
SSDEEP
3072:EKITNYhJpYRuXuSjpEtrgmN2VmJYp1CtIh/6EJV09z099XTLXOtZc7Yaw:EKIGWO7EWJ8JOYCvJVgY9dvJ7N
Score
8/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cbe2bc958374e1cb99cb594fc507ad59da89191920fc9623e39436d6992a3244.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cbe2bc958374e1cb99cb594fc507ad59da89191920fc9623e39436d6992a3244.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 6123⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1696 -ip 16961⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
Filesize
532KB