Analysis
-
max time kernel
33s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
23-11-2022 12:46
General
-
Target
ed78a3006281aa03b57c72baf76b32fe37a2038e5993d42221ec1ff4d3acf442.dll
-
Size
395KB
-
MD5
7c87f462348731706f4d7f283f996620
-
SHA1
c13fda3d65318b669c1e6eab738df1d61ec84517
-
SHA256
ed78a3006281aa03b57c72baf76b32fe37a2038e5993d42221ec1ff4d3acf442
-
SHA512
68cb341510bd3590b88af02ce107f4650812ed5fd6215279edb2a6e10373af02015d10d3899beb2b9908354f528bb03e49566c8e8e04261c4a0ce6a11f78ee83
-
SSDEEP
6144:GjCNcMDIoSyTG1LzSTFI1ub50l2GWXID0caDUa2BfFdLhxiYu68uq+XW9lODn:L0L4G5zWmAGYW3fF1ziYu2q+GXm
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ed78a3006281aa03b57c72baf76b32fe37a2038e5993d42221ec1ff4d3acf442.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ed78a3006281aa03b57c72baf76b32fe37a2038e5993d42221ec1ff4d3acf442.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 2323⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/852-61-0x0000000000000000-mapping.dmp
-
memory/1968-54-0x0000000000000000-mapping.dmp
-
memory/1968-55-0x00000000754E1000-0x00000000754E3000-memory.dmpFilesize
8KB
-
memory/1968-56-0x0000000000730000-0x0000000000796000-memory.dmpFilesize
408KB
-
memory/1968-60-0x0000000000260000-0x00000000002C2000-memory.dmpFilesize
392KB