Analysis
-
max time kernel
175s -
max time network
184s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
25-11-2022 12:36
General
-
Target
68987f42915a58669f2bd86b3eea2c010af753f3a37b15ea92d885e52e5b6178.dll
-
Size
301KB
-
MD5
3916bb9de973fbca89aeff0b9735ff75
-
SHA1
769d213716d8a28abe9839e83ce07df22b4dcb27
-
SHA256
68987f42915a58669f2bd86b3eea2c010af753f3a37b15ea92d885e52e5b6178
-
SHA512
54d5734314425416a2a3bab32814d510f6f58441cf72d0f5881168e544ae3091efb503e2782f8b693d9f44f1cc1b79ebe5c3d80932ce7859b67460c0d4602f9e
-
SSDEEP
6144:1fvvKKzAYf0L+6i0t+myTC7dQe0gKss4KJJzujIRryZCIXQHedhoMltVM:hvrzAYYj+myTC7UfpfzOIRG3QHejnM
Score
8/10
Malware Config
Signatures
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\68987f42915a58669f2bd86b3eea2c010af753f3a37b15ea92d885e52e5b6178.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\68987f42915a58669f2bd86b3eea2c010af753f3a37b15ea92d885e52e5b6178.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 8203⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5084 -ip 50841⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/5084-132-0x0000000000000000-mapping.dmp
-
memory/5084-133-0x00000000007B0000-0x0000000000896000-memory.dmpFilesize
920KB
-
memory/5084-134-0x00000000007B0000-0x0000000000896000-memory.dmpFilesize
920KB