Overview

overview

10

Static

static

cce3965795...4c.dll

windows7-x64

10

cce3965795...4c.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    161s
  • max time network
    200s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 07:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cce3965795937eb00d13a2b48e8060ffb2ab2c972ede6014e559a37fb82a784c.dll

  • Size

    764KB

  • MD5

    0188a751fdabf8b2f5131972c24efde5

  • SHA1

    d4b89df6ab83d449ee0643722b245d63ef488e90

  • SHA256

    cce3965795937eb00d13a2b48e8060ffb2ab2c972ede6014e559a37fb82a784c

  • SHA512

    1035379ae19e4e6d2d6ddc9fafd406ea2b14c9c38ee2e1b57ec62814a5477262db0132705361555d9117fdbc0bd9d58b1e6ba85ff4371ef3fe77fa59426f24d8

  • SSDEEP

    12288:JNIyZN4+Wv4PLq6Okrh9ZN/hs9Dsd+mFYdpnnZ:J9TPmirh9Zdh6xpZ

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cce3965795937eb00d13a2b48e8060ffb2ab2c972ede6014e559a37fb82a784c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cce3965795937eb00d13a2b48e8060ffb2ab2c972ede6014e559a37fb82a784c.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1264
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        PID:5096
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 252
          4⤵
          • Program crash
          PID:2556
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 608
        3⤵
        • Program crash
        PID:3392
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1264 -ip 1264
    1⤵
      PID:4272
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 5096 -ip 5096
      1⤵
        PID:2452

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        179KB

        MD5

        385ebb123969c34ffd01be9af09fa85b

        SHA1

        b02bf370f22739e500ba56e7b62d0006ca5cf42d

        SHA256

        74a9b2721ccd34b89f5c4e5dc8683ff520e32918c3459080282f2c52c0458919

        SHA512

        cb34932038568d508e8fbb7d7fb2ef505f63b5fff56625e36a929ebad045d9c166bda732c39876803b3311d15af7c5cc378fd0a7cccb1b60fdae1e094a59fb65

        Download Submit

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        179KB

        MD5

        385ebb123969c34ffd01be9af09fa85b

        SHA1

        b02bf370f22739e500ba56e7b62d0006ca5cf42d

        SHA256

        74a9b2721ccd34b89f5c4e5dc8683ff520e32918c3459080282f2c52c0458919

        SHA512

        cb34932038568d508e8fbb7d7fb2ef505f63b5fff56625e36a929ebad045d9c166bda732c39876803b3311d15af7c5cc378fd0a7cccb1b60fdae1e094a59fb65

        Download Submit

      • memory/1264-133-0x0000000010000000-0x00000000100C5000-memory.dmp

        Filesize

        788KB

        Download

      • memory/1264-139-0x0000000010000000-0x00000000100C5000-memory.dmp

        Filesize

        788KB

        Download

      • memory/5096-137-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/5096-138-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download