Analysis
-
max time kernel
151s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
23-11-2022 17:18
General
-
Target
8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58.dll
-
Size
56KB
-
MD5
53811710d0750ac9f7d87356c6400df0
-
SHA1
4e00098cd85b24cfef7e74cf8a3ae83baac6784e
-
SHA256
8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58
-
SHA512
b94fdd8c9a152370a06bf3680ab19b0305e994f3a0719cf8247613b365eb68279f9a2e1b740b02c0d38f1bead254c0295bf83d2953dccae763ff40bf97ad6c0a
-
SSDEEP
768:gWtR8eNLjXcemrEfLhnR5s+qonLVa0zndF0oglk5x+oj9yiD+5oKwAbV:gWP8sL/mexRqgfdiFZoJAnwA
Score
8/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 5603⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 952 -ip 9521⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/952-132-0x0000000000000000-mapping.dmp
-
memory/952-133-0x0000000010000000-0x0000000010016000-memory.dmpFilesize
88KB