Analysis
-
max time kernel
252s -
max time network
330s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 11:09
General
-
Target
e04db714ba337f3014e99e29b403fec901b0224c91ac460b91c25efa21edf5cf.dll
-
Size
107KB
-
MD5
7ed12a1967dddf3ead9bec61af4b4d46
-
SHA1
5b0b1cce66f77b56e99141287b4147cb1679e28e
-
SHA256
e04db714ba337f3014e99e29b403fec901b0224c91ac460b91c25efa21edf5cf
-
SHA512
2e16416865479db3630c04606e3b233cedb4081b9b2bf42c62e6e172787141c6f1b6234fd79e2cbc084bb2d8342cb2fe5f38f21af12c2828bee0fd759b956f53
-
SSDEEP
3072:uRh1Q+Ty0iVMBsrsu34kZa9IJn3G6fjKg0j0wuusA:uRhvSUX2Jn3G6KgMs
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e04db714ba337f3014e99e29b403fec901b0224c91ac460b91c25efa21edf5cf.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e04db714ba337f3014e99e29b403fec901b0224c91ac460b91c25efa21edf5cf.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 6243⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 784 -ip 7841⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/784-132-0x0000000000000000-mapping.dmp
-
memory/784-133-0x0000000000C90000-0x0000000000C9F000-memory.dmpFilesize
60KB
-
memory/784-134-0x0000000000C90000-0x0000000000C9F000-memory.dmpFilesize
60KB
-
memory/784-135-0x00000000026C0000-0x00000000026DE000-memory.dmpFilesize
120KB
-
memory/784-139-0x0000000010000000-0x000000001001E000-memory.dmpFilesize
120KB
-
memory/784-140-0x0000000000C90000-0x0000000000C9F000-memory.dmpFilesize
60KB