Analysis
-
max time kernel
95s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
29/03/2023, 19:12
General
-
Target
e38382f484557496bc24078d6b46eef9b8e015bc940aff3be28a640b64698cb8.dll
-
Size
3.7MB
-
MD5
5109c01ac69402782fad8381c502b815
-
SHA1
6a2b350a3190b5545d33da88ba0c64246c12afbf
-
SHA256
e38382f484557496bc24078d6b46eef9b8e015bc940aff3be28a640b64698cb8
-
SHA512
c73b212353ae5ba93e40c115e451379fed3f2711ce579aea4ea65fa5477b2e5701bea2ceff5f77b2dda3365bb6a2751587f8c78f5a18bae7863b9a98b4acc4d9
-
SSDEEP
98304:NDjiuVitYIFmT0dxWSYRerbFc9PS9257:tjxVwYnSYReNcPco
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e38382f484557496bc24078d6b46eef9b8e015bc940aff3be28a640b64698cb8.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e38382f484557496bc24078d6b46eef9b8e015bc940aff3be28a640b64698cb8.dll,#12⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 6203⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 5643⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4968 -ip 49681⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4968 -ip 49681⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
8.3MB