Overview

overview

10

Static

static

3

5cc5e79e15...0e.dll

windows7-x64

8

5cc5e79e15...0e.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    10-09-2023 11:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5cc5e79e1540e89c28966395444f25bf717ac4c700847a59cd59e8f27941e20e.dll

  • Size

    94KB

  • MD5

    ca4e9a08ccebf3dbe5973f92bd17f0b7

  • SHA1

    1e74be71c0522b6cf4b74d81492279fa0cf9095a

  • SHA256

    5cc5e79e1540e89c28966395444f25bf717ac4c700847a59cd59e8f27941e20e

  • SHA512

    3c659b4170380c85ad1aec1ec5f944a98516d3fcdf99e17adeeebec5d9ec5dc4a50609fc73848aab7900a1523e6e8032a41b276e5e695c25f58e5c88dec15559

  • SSDEEP

    1536:NqGCeONIWGmVDp92/731b5cRxq3bOFsr+ecMRsWjcd3KA2jVjE4wJ:N+WpmD+7lbZp+YeaA2jVjEtJ

Score
8/10
persistence

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cc5e79e1540e89c28966395444f25bf717ac4c700847a59cd59e8f27941e20e.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cc5e79e1540e89c28966395444f25bf717ac4c700847a59cd59e8f27941e20e.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 256
        3⤵
        • Program crash
        PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2216-0-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB

    Download