Analysis
-
max time kernel
135s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
19-06-2023 19:11
General
-
Target
cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a.dll
-
Size
939KB
-
MD5
8af07a7e620ff01e2be5869db105b012
-
SHA1
5bfb4803ef6249f22f8e571fab74bf9a3730c2e6
-
SHA256
cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a
-
SHA512
21fe37c8fe4634d0bcc3bbbfdb1435af982e2c31fe3297d50a78417bac964c252ff441c76d107ea94ac8b85aab02d1d0aa697b5615be83f2e5fba232bfbb67b5
-
SSDEEP
24576:TXvZl5Y074EjId8klXDYFBozQ/nEee7BBv:TRU07bjTkNuU7
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a.dll,#12⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 7603⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2520 -ip 25201⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2520-133-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/2520-134-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/2520-135-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/2520-136-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/2520-137-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/2520-138-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB