Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
20-02-2023 10:12
General
-
Target
c23d418ff605240a76a03158e3595f1e09b66ac8817df2b41329f4b94ccebc16.dll
-
Size
393KB
-
MD5
9210fc8d094ae70c58cfdce6a57720de
-
SHA1
4eff590916f5956451cbe053bed955936747c1d5
-
SHA256
c23d418ff605240a76a03158e3595f1e09b66ac8817df2b41329f4b94ccebc16
-
SHA512
b32f91c3f1f4328316b8c523f08a04f61eebef5b96438580a1caa68c702832897a0792d40d38294eb443d16c64da1ec94c42f07cba4d0587e3ca925c88f9cb47
-
SSDEEP
12288:xXh6mhXRHGVtRaGwimcXO916kfyJGDkFgXl9htXa:xX4eHcRaGwiw6kgGcgXlDtq
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c23d418ff605240a76a03158e3595f1e09b66ac8817df2b41329f4b94ccebc16.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c23d418ff605240a76a03158e3595f1e09b66ac8817df2b41329f4b94ccebc16.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 2643⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1520-54-0x0000000000000000-mapping.dmp
-
memory/1520-55-0x00000000763D1000-0x00000000763D3000-memory.dmpFilesize
8KB
-
memory/1520-57-0x00000000007F0000-0x00000000008E1000-memory.dmpFilesize
964KB
-
memory/1520-56-0x00000000007F0000-0x00000000008E1000-memory.dmpFilesize
964KB
-
memory/1520-58-0x00000000007F0000-0x00000000008E1000-memory.dmpFilesize
964KB
-
memory/1520-60-0x00000000007F0000-0x00000000008E1000-memory.dmpFilesize
964KB
-
memory/1720-59-0x0000000000000000-mapping.dmp