Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2023, 10:40

General

  • Target

    368-135-0x0000000000530000-0x000000000053D000-memory.dll

  • Size

    52KB

  • MD5

    a7fb8e610855d7f28703d20d13a940c5

  • SHA1

    68fda5c9cc2e8535e28040e033bc40b76a7b9693

  • SHA256

    d9050b7251e389b34a9028447e79dd714346007bf2981152508c567ad31ec5d3

  • SHA512

    e549fef8ef9f7aef7792a67511688f3cf23acdc94ea2897d852e1bf7dbc9682b4213f1458bccbcd7315ce21c3114c8d97af858673b0146123be69fdf26a482c4

  • SSDEEP

    1536:Mk/qoTd/4Gc/jhLb27H9npXTAgdM+D1Gc:zqoBPc/NLb27HjvdMo1G

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\368-135-0x0000000000530000-0x000000000053D000-memory.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\368-135-0x0000000000530000-0x000000000053D000-memory.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1584
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 196
        3⤵
        • Program crash
        PID:628

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads