Analysis

  • max time kernel
    40s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/12/2022, 23:06

General

  • Target

    6abc71c929e25df33bd6998eda56e14de437c0832ca7120e802a4ce6e6aee210.dll

  • Size

    344KB

  • MD5

    f4aba0a4123177e2815f1d91e4a772d1

  • SHA1

    44d989494dd1ba0232f2825215f71677e43b7461

  • SHA256

    6abc71c929e25df33bd6998eda56e14de437c0832ca7120e802a4ce6e6aee210

  • SHA512

    a0d6b331b4019d39646a6ae1ec7364f7f3e3cdd6f9c11d521960a20182cab2420d229379ef1c83dd6d9d185c5c328e3addeb6dc2be695928dc96aa77d667eed9

  • SSDEEP

    6144:xlsrlNy9kkAoIvGljJop4CfWAkJuRuTiHVzzddTBjmh9zsp:xOnyKkUD4JuE4zzddTZmvwp

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6abc71c929e25df33bd6998eda56e14de437c0832ca7120e802a4ce6e6aee210.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\6abc71c929e25df33bd6998eda56e14de437c0832ca7120e802a4ce6e6aee210.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1852
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 300
        3⤵
        • Program crash
        PID:1340

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/1852-55-0x0000000076151000-0x0000000076153000-memory.dmp

          Filesize

          8KB