Analysis

  • max time kernel
    46s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
  • submitted
    07/02/2023, 17:06

General

  • Target

    01 (2).dll

  • Size

    418KB

  • MD5

    ab28ce01947066084d4af6583a6d3b54

  • SHA1

    b1d69acda90232d836bc69ea3cbd9465ce3afdd3

  • SHA256

    73c6b431eb5a92719ba406a765d011aa709234af3675e9de4eff9c5f9edd3fe3

  • SHA512

    b99e5f2348f653da27a3ebc53da47dba72fc0b94ceaaf290e8f7d23cf0ef45095c13a9a101b235c6c45873a5feae35eedf402e5ea90bea5f12274cce103ba307

  • SSDEEP

    6144:+1bpx1ymed01f3UBRxFoNgKIlp6Ydc2ZiKm5baKrE7eh7PilAFNZzdnLf:sN8d0dkfxFoNgKIlbdc2IOaGlAFnBT

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\01 (2).dll",#1
    • Suspicious use of WriteProcessMemory
    PID:1396
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\01 (2).dll",#1
      • Suspicious use of WriteProcessMemory
      PID:852
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 224
        • Program crash
        PID:1200

Network

MITRE ATT&CK Matrix

Downloads

  • memory/852-55-0x00000000752B1000-0x00000000752B3000-memory.dmp

    Filesize

    8KB