Analysis

  • max time kernel
    391s
  • max time network
    397s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    08/02/2023, 20:35

General

  • Target

    putty.dll

  • Size

    344KB

  • MD5

    a4ed3d213af08f77fa8db0f1e04185fa

  • SHA1

    0501225f9347d61de2e3df21817a9f189c0dd76f

  • SHA256

    6991f1ee5f7b004d2d6ca5a166316b5f533907b13b767b6c390704aa78b36c21

  • SHA512

    25cf7599cd2ea580bfbaa6ad4bff44b6caa163a19701837f3ecab89b98120b1f953f9ef6ff64fcbbcaca0a137006b97e5ef8566bb3725b9fea835a4389817c12

  • SSDEEP

    6144:68HwSJZ88IKeVSi5CHvJITRTcKY+UC6vmtmHkRCfDg6vlIDAtYf3FawrI159A5:68HwSJG83i5CPqTCKY+cOOMAtYfweu5I

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\putty.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:536
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\putty.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1188
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 228
        3⤵
        • Program crash
        PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1188-55-0x00000000763D1000-0x00000000763D3000-memory.dmp

    Filesize

    8KB