Overview

overview

10

Static

static

1

RustMacros.exe

windows7-x64

10

RustMacros.exe

windows10-2004-x64

10

adblib32.dll

windows7-x64

1

adblib32.dll

windows10-2004-x64

1

libquadmath-0.dll

windows7-x64

3

libquadmath-0.dll

windows10-2004-x64

3

unrar.dll

windows7-x64

3

unrar.dll

windows10-2004-x64

3

xca.dll

windows7-x64

1

xca.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    26-02-2023 14:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    libquadmath-0.dll

  • Size

    309KB

  • MD5

    3354b9256750a6b7d97ba30b4ad00717

  • SHA1

    e518b655c83985cc607f624addbc8cb61f8faead

  • SHA256

    b543942b4484d49b95f0ef72399e6ddbf49c7be54024af1e7d6001136a9145e6

  • SHA512

    fb086f26cd0c1c92f012819ccdd045cc4b7d84ba1bdd5cf5665ebf11172f49e712ffe5a354872a24715978955ec9ff7e14c730df4f917502e5533a3ebcb105fc

  • SSDEEP

    6144:UiMcnBcqngoBLqQiQZN9oal0+wbQXIqPP63I8MxpJIpe9aglmBiyRVRFjld:UidqwiQZN9oal0+wMZR8MxpxllyRVTj/

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\libquadmath-0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\libquadmath-0.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 228
        3⤵
        • Program crash
        PID:1088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2044-54-0x000000006CF00000-0x000000006CF54000-memory.dmp

    Filesize

    336KB

    Download