Overview

overview

7

Static

static

7

69b56675f6...58.dll

windows7-x64

3

69b56675f6...58.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    98s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-05-2023 01:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69b56675f6d18ccb505abbc549a25d3e772a58c6ed6ce9ba204cad87e6700558.dll

  • Size

    466KB

  • MD5

    532168c98146e5cc826971f92b5d53ab

  • SHA1

    659014832d3ad08ccf57e494d642821e34624805

  • SHA256

    69b56675f6d18ccb505abbc549a25d3e772a58c6ed6ce9ba204cad87e6700558

  • SHA512

    a056ac2a6f84328c68143604bbc2e5f5d02ca87b513356e507674defa5212f8f21e434989056b4a9ab1e4c9e69c6ec1ce4acfa0172e81303c530841287b62632

  • SSDEEP

    12288:grVHy/Suu10Mbge5QZrmAwBJi3GS4ReUBTz:gxHku10Mce6ZrOBJiee0X

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\69b56675f6d18ccb505abbc549a25d3e772a58c6ed6ce9ba204cad87e6700558.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\69b56675f6d18ccb505abbc549a25d3e772a58c6ed6ce9ba204cad87e6700558.dll,#1
      2⤵
        PID:4448
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 688
          3⤵
          • Program crash
          PID:3868
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 4448 -ip 4448
      1⤵
        PID:4452

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4448-134-0x0000000000400000-0x0000000000534000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/4448-133-0x0000000000400000-0x0000000000534000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/4448-135-0x0000000000400000-0x0000000000534000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/4448-136-0x0000000000400000-0x0000000000534000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/4448-137-0x0000000000400000-0x0000000000534000-memory.dmp
        Filesize

        1.2MB

        Download