Overview

overview

10

Static

static

10

5ab2225e05...1e.dll

windows7-x64

3

5ab2225e05...1e.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    02-09-2023 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ab2225e0536322e4262cd2f28a3e664bd73a32b8e5f2fd8b1cfd23bd2346b1e.dll

  • Size

    208KB

  • MD5

    be7e9cff9226cc7cec40e118c3fb24d4

  • SHA1

    eb67d0a88bca6354e6ffb26aebd877569bb118e7

  • SHA256

    5ab2225e0536322e4262cd2f28a3e664bd73a32b8e5f2fd8b1cfd23bd2346b1e

  • SHA512

    1f86e22509bc979630b567551fddeecadf2369b8dddbb07e6fa09b5656940fc0afc3f5b5096394dd7ee37664d8274ae74805a03c8657baf724a671aacecc0e98

  • SSDEEP

    3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUyY5a:LIDff9D8C6XYRw6MT2DEj

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab2225e0536322e4262cd2f28a3e664bd73a32b8e5f2fd8b1cfd23bd2346b1e.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab2225e0536322e4262cd2f28a3e664bd73a32b8e5f2fd8b1cfd23bd2346b1e.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 232
        3⤵
        • Program crash
        PID:1292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads