Resubmissions

28-03-2023 01:39

230328-b2zvpagc77 10

16-03-2023 15:21

230316-srj5xsbe35 3

Analysis

  • max time kernel
    137s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    16-03-2023 15:21

General

  • Target

    borisTheTimeWaster.dll

  • Size

    324KB

  • MD5

    c0826228a9adb4d7954812ab057d73cd

  • SHA1

    b164340aaab397ae167006efe09c50b59d995fd0

  • SHA256

    86aa5515c1ea31365fee27c0be66c15650b1635966ebde47651b9ed0130c82e3

  • SHA512

    069c039ed78e2f90c34533bcb4052e1665cd862805e4e03ca763753e79ca1627aded3366f84dcbbaea91ec85e72220fc6f74f0b259279634ac1aeca2c65f3c0a

  • SSDEEP

    6144:1aaVzaA4R+aU/P/IvTDp3ZZ99GSrtMhsNW9BUW/aSFGMReiDhKRIbGjpDY0RppeX:O+aU/P/IvTDp3ZZ99RrtMU2GSYIajK8w

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\borisTheTimeWaster.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1328
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\borisTheTimeWaster.dll,#1
      2⤵
        PID:4516
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 596
          3⤵
          • Program crash
          PID:4832
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4516 -ip 4516
      1⤵
        PID:4368

      Network

      MITRE ATT&CK Matrix

      Downloads