Analysis
-
max time kernel
183s -
max time network
192s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
25-11-2022 12:34
General
-
Target
0caa901a9155f8828a863b84a1716451b2c6b1fa23b858e843246d02687cf47e.dll
-
Size
618KB
-
MD5
324e4e306cdb6793268c8afc01f92d0f
-
SHA1
b1cdce4046eccb181aab3cce32b3a294a8db4c94
-
SHA256
0caa901a9155f8828a863b84a1716451b2c6b1fa23b858e843246d02687cf47e
-
SHA512
346f6d2365546b5914f49e8510c2a789679ec2eb2051811bc5e46a25bd9d4f92ef62d4c56698e34298707356ca563be9ae2a6830587cf341b3bff496d7554532
-
SSDEEP
12288:zvbFgp+LPjwhtotfi9XTPz8HKp5kLpFql2CVVqk4inNT4hTMqnV8Z:zBgAHwhtotaVkeAA2EVqh8NT0Tn
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0caa901a9155f8828a863b84a1716451b2c6b1fa23b858e843246d02687cf47e.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0caa901a9155f8828a863b84a1716451b2c6b1fa23b858e843246d02687cf47e.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 5483⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 5483⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2676 -ip 26761⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2676-132-0x0000000000000000-mapping.dmp
-
memory/4716-133-0x0000000000000000-mapping.dmp