Analysis

  • max time kernel
    81s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-02-2023 22:08

General

  • Target

    System/RGSS301.dll

  • Size

    1.0MB

  • MD5

    dd25855ac39d32da033902fc58fa210b

  • SHA1

    0ffa23a4d0b81438a329258f5c8d3b3403f4aa94

  • SHA256

    27647690ed16218cd988dd71069fdca67207515b2a2df775be361f0198ab6876

  • SHA512

    07f7f7cb4eda2165b4b28456fb01d4edea6e3d5f305dde19256865777905a0d0bb1d13ce1194a8639d740f633ccf1507a1b87530644d5e2d512a86829195ae60

  • SSDEEP

    24576:+pc8WbPqpzFwdPhet279ae3P7zqP2JzCNkX67Flr1nH0F3ia:+pc8W7qEdPhet2hae3HfJR2Uf

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\System\RGSS301.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4620
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\System\RGSS301.dll,#1
      2⤵
      • Modifies registry class
      PID:4360
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 712
        3⤵
        • Program crash
        PID:4720
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4360 -ip 4360
    1⤵
      PID:5016

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4360-132-0x0000000000000000-mapping.dmp

    • memory/4360-133-0x0000000010000000-0x0000000010324000-memory.dmp

      Filesize

      3.1MB

    • memory/4360-134-0x00000000025A0000-0x00000000025A4000-memory.dmp

      Filesize

      16KB