Analysis

  • max time kernel
    140s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-08-2023 11:41

General

  • Target

    231b82866fa050d4fce496f0fa227c35cf27c6a16132148dcb36b2e92253946c.dll

  • Size

    1.5MB

  • MD5

    8c8dc921e7a52e3c0c3a8d5011f0ee23

  • SHA1

    014201108cd72f794e24908346bda4e21f598692

  • SHA256

    231b82866fa050d4fce496f0fa227c35cf27c6a16132148dcb36b2e92253946c

  • SHA512

    b4539d7b6fecbe3b07a3dcc60f17e67a7a1dfc71baa05147cdf452b2d204f8197567762c2c8ad1249e4350ac5849ec2546cfd362b850fae56cd228b34cd51e70

  • SSDEEP

    24576:k38zHK++lYN/aZz8vI6/SrNXVo+KpP13wZhKQ7zQ+h3ep/IK45FxN:k3CtvNyIsVw1wZF/hep/4FxN

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\231b82866fa050d4fce496f0fa227c35cf27c6a16132148dcb36b2e92253946c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\231b82866fa050d4fce496f0fa227c35cf27c6a16132148dcb36b2e92253946c.dll,#1
      2⤵
      • Drops file in System32 directory
      PID:4040
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 876
        3⤵
        • Program crash
        PID:3648
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4040 -ip 4040
    1⤵
      PID:3904

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\SysWOW64\mislog\log20230827.txt

    Filesize

    1023B

    MD5

    455d52109302cd2bc2b40d85b806a297

    SHA1

    7f61f57be91cbe2939103afb0c63622b374cbd2e

    SHA256

    905254035b3f544f944bce73c82ff92495409de22999985f9cc3f73aa72e134f

    SHA512

    d8ce1e1d062d333cab9e218bec43f7c0506594139389ac92a9c943c36d817c6032edb66b26d6a14286a5c94883cce52ac6cf00eaf5052058de4b7d875af29d23