Analysis

  • max time kernel
    61s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    24/03/2023, 17:24

General

  • Target

    api-ms-win-core-namedpipe-l1-1-0.dll

  • Size

    18KB

  • MD5

    a056d4eeaae37deab8333dcc4c910a93

  • SHA1

    cb59f1fe73c17446eb196fc0dd7d944a0cd9d81f

  • SHA256

    593fa2aa2474508ad942bbaa0fdc9a1badd81c85b0dff1c43b90a47c23ad5fb7

  • SHA512

    c2f811994182ef51d0c011c19336179da69357e5f284f787bcdb54f90c32768a959232a477534f7e62cd3d71a048a13e91b20042e2fe6ab108d606c7c8df9255

  • SSDEEP

    384:eW1hWU5OZkum0GftpBjxKvm3SQTlUK3dsDT:1noVimvf6sDT

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-namedpipe-l1-1-0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 904 -s 84
      2⤵
      • Program crash
      PID:892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads