Overview

overview

7

Static

static

7

f1473ab20a...ed.dll

windows7-x64

1

f1473ab20a...ed.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    136s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-02-2023 20:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1473ab20ac64b0e66d6b8899cabb44b26d360e4166c794e78acaa3e3ea2a9ed.dll

  • Size

    125KB

  • MD5

    56bcea8eabd6c42019b8ee1a72b7f09c

  • SHA1

    0427266ce390b11e02c87d4e53c0901cce5bc7c1

  • SHA256

    f1473ab20ac64b0e66d6b8899cabb44b26d360e4166c794e78acaa3e3ea2a9ed

  • SHA512

    fb17dd5c7f37541d0036c335447e6beba571b9b2e78114a96e125e36a22af155d3986dce56c60aa3b5b3f2d5f5c121960b46d4d8a54de10f8865385a479d5266

  • SSDEEP

    1536:9DbES8gbErXSoSJN4hAxfFCsFJNo5aUouIAGyM4+6S2Z9QtxR+ea8htWYn6v:9nEbrCoRhAxM+NcaUb4yMJtP+sF6v

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1473ab20ac64b0e66d6b8899cabb44b26d360e4166c794e78acaa3e3ea2a9ed.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5100
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1473ab20ac64b0e66d6b8899cabb44b26d360e4166c794e78acaa3e3ea2a9ed.dll,#1
      2⤵
        PID:2368
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 652
          3⤵
          • Program crash
          PID:4804
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2368 -ip 2368
      1⤵
        PID:4656

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2368-132-0x0000000000000000-mapping.dmp
        Download
      • memory/2368-133-0x0000000010000000-0x0000000010041000-memory.dmp
        Filesize

        260KB

        Download
      • memory/2368-134-0x0000000010000000-0x0000000010041000-memory.dmp
        Filesize

        260KB

        Download
      • memory/2368-135-0x0000000010000000-0x0000000010041000-memory.dmp
        Filesize

        260KB

        Download
      • memory/2368-136-0x0000000010000000-0x0000000010041000-memory.dmp
        Filesize

        260KB

        Download