Analysis
-
max time kernel
142s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
01-04-2023 19:55
General
-
Target
31cde3f510ab29af1c526ea548229374899606d2a98b62b3de5af2b540bc7342.dll
-
Size
1.3MB
-
MD5
301ae731858e928feab43dd23cc9e63c
-
SHA1
42c70c58652d15061b84c671640d31cef619e0d9
-
SHA256
31cde3f510ab29af1c526ea548229374899606d2a98b62b3de5af2b540bc7342
-
SHA512
b1b7a792c018cd4f4657dec6c7b892e5354b9b219f3ee83f3c662dab65a7caa2e4ad4d0cfc6ff58e87e7cc8f3c876750976a70dd2fcc9c9a7bd7846868f4108e
-
SSDEEP
24576:FNCgNdSGdv0o4TvDjbOf2FfWl8KuqGavkg3NyNIbbbIoIBAUZLYGgD:FNCgN5Ma+s8KuqGaX0ToIBAUZLYGG
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\31cde3f510ab29af1c526ea548229374899606d2a98b62b3de5af2b540bc7342.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\31cde3f510ab29af1c526ea548229374899606d2a98b62b3de5af2b540bc7342.dll,#12⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 3123⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/956-54-0x0000000010000000-0x0000000010243000-memory.dmpFilesize
2.3MB
-
memory/956-55-0x0000000010000000-0x0000000010243000-memory.dmpFilesize
2.3MB
-
memory/956-56-0x0000000010000000-0x0000000010243000-memory.dmpFilesize
2.3MB
-
memory/956-57-0x0000000010000000-0x0000000010243000-memory.dmpFilesize
2.3MB
-
memory/956-58-0x0000000010000000-0x0000000010243000-memory.dmpFilesize
2.3MB
-
memory/956-59-0x0000000010000000-0x0000000010243000-memory.dmpFilesize
2.3MB