Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20220812-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    06/01/2023, 19:36

General

  • Target

    xerces-c_1_6_0.dll

  • Size

    1.5MB

  • MD5

    3ba79690e6fbaebfbfbc42e714247aac

  • SHA1

    27dd731ea25e639964805a7747833256ce25caa7

  • SHA256

    863c3732a947fdb3da2b449e0459f33c3086754674d8391b1e6b31612b65f518

  • SHA512

    bbd21f0ec8c6155a9d9261a55822ed0c32b1d299a6cf751588737440e6ae4e63d531713520874d0880c43aa01b49bde6a91562b35772a1f7d354df47dba567bc

  • SSDEEP

    24576:CZM99GD5GYctpPS/yDOv/pooOgFHGOFF:CeYSjo7VFH9FF

Score
3/10

Signatures

  • Program crash 1 IoCs (WerFault.exe reporting on PID 936, the SysWOW64 rundll32.exe instance)
  • Suspicious use of WriteProcessMemory 3 IoCs (attributed to the 64-bit rundll32.exe, PID 1420, whose only child is a SysWOW64 rundll32.exe with the same command line: the handoff rundll32 performs when the DLL is 32-bit, consistent with the arch:x86 resource tag)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\xerces-c_1_6_0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\xerces-c_1_6_0.dll,#1
      2⤵
        PID:936
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 612
          3⤵
          • Program crash
          PID:2372
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 936 -ip 936
      1⤵
        PID:1620
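The process tree above is the whole security-relevant content of this report: a DLL dropped in the user's Temp folder is loaded by rundll32 via export ordinal #1, the 64-bit rundll32 hands off to the SysWOW64 copy, and that copy crashes (WerFault is invoked twice for PID 936). The following Python is an added example, not part of the report or of the sandbox's tooling; it rebuilds parent/child links from the depth column and runs those three checks over the rows transcribed from the page, so the same logic can be pointed at other tria.ge-style trees. The row tuples, the `Proc` class and the rule names are assumptions of this example.

```python
"""Reconstruct a sandbox process tree from depth markers and flag rundll32
patterns. Added example; the sample rows are transcribed from the report."""
import re
from dataclasses import dataclass, field

# Constructed from the Processes section above: (depth, image, command line, pid).
SAMPLE_PROCESSES = [
    (1, r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\xerces-c_1_6_0.dll,#1", 1420),
    (2, r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\xerces-c_1_6_0.dll,#1", 936),
    (3, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 612", 2372),
    (1, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 936 -ip 936", 1620),
]


@dataclass
class Proc:
    image: str
    cmdline: str
    pid: int
    parent: "Proc | None" = None
    children: list = field(default_factory=list)


def build_tree(rows):
    """A row at depth d is the child of the most recent row at depth d-1;
    depth 1 rows are roots (the page's '1⤵' markers)."""
    procs, last_at_depth = [], {}
    for depth, image, cmdline, pid in rows:
        p = Proc(image, cmdline, pid)
        parent = last_at_depth.get(depth - 1)
        if parent is not None:
            p.parent = parent
            parent.children.append(p)
        last_at_depth[depth] = p
        for d in [k for k in last_at_depth if k > depth]:   # stale deeper entries
            del last_at_depth[d]
        procs.append(p)
    return procs


# rundll32.exe <dll>,<entry>  where entry is an export name or #ordinal
RUNDLL_RE = re.compile(r"^rundll32\.exe\s+(?P<dll>.+?\.dll)\s*,\s*(?P<entry>#?\S+)", re.I)
# WerFault's -p <pid> names the crashed process (the -pss/-ip form repeats it)
WER_PID_RE = re.compile(r"\s-p\s+(?P<pid>\d+)")


def is_wow64(image):   return "\\syswow64\\" in image.lower()
def is_rundll32(image): return image.lower().endswith("\\rundll32.exe")
def is_werfault(image): return image.lower().endswith("\\werfault.exe")


def analyse(procs):
    """Return (rule, pid, detail) tuples for the patterns seen in the report."""
    findings = []
    for p in procs:
        if is_rundll32(p.image):
            m = RUNDLL_RE.match(p.cmdline)
            if m:
                dll, entry = m.group("dll"), m.group("entry")
                if "\\appdata\\local\\temp\\" in dll.lower():
                    findings.append(("rundll32_temp_dll", p.pid, dll))
                if entry.startswith("#"):
                    findings.append(("rundll32_ordinal_export", p.pid, entry))
            # 64-bit rundll32 spawning the SysWOW64 copy: the DLL is 32-bit
            if (p.parent is not None and is_rundll32(p.parent.image)
                    and is_wow64(p.image) and not is_wow64(p.parent.image)):
                findings.append(("wow64_handoff", p.pid, p.parent.pid))
        elif is_werfault(p.image):
            m = WER_PID_RE.search(p.cmdline)
            if m:
                findings.append(("crash_reported", p.pid, int(m.group("pid"))))
    return findings


def crashed_pids(findings):
    """PIDs that WerFault reported on, de-duplicated across its two invocations."""
    return {detail for rule, _, detail in findings if rule == "crash_reported"}


if __name__ == "__main__":
    tree = build_tree(SAMPLE_PROCESSES)
    for f in analyse(tree):
        print(f)
    print("crashed:", crashed_pids(analyse(tree)))
```

The crash is what keeps this sample's score low: the ordinal-#1 entry point dies under the 32-bit rundll32 before anything else happens, and both WerFault rows resolve to the same PID 936, so a rule that counts WerFault children as separate incidents would double-count here.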
