Analysis

  • max time kernel
    140s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19-09-2023 11:57

General

  • Target

    db2d841135a0c2371f27aa9c1b00da65e6e30a95801a4f709d234febad06f6f9.dll

  • Size

    301KB

  • MD5

    563a1faf1c40bced5de14acdc77fecdd

  • SHA1

    c134f7bc21e395b9225d2c7ad289d380db789f59

  • SHA256

    db2d841135a0c2371f27aa9c1b00da65e6e30a95801a4f709d234febad06f6f9

  • SHA512

    378f9d033ef2c2a2ffc23f1433b4d98946a7c7ea918f3ad950a63da0ba9a8fe1a1b03ca7c5cf066d6ee3a2947c0c27de676b239c98d7fe2ab9ffb6c0b3d31a19

  • SSDEEP

    384:bK4A04csU8twR1HboTku73J7fPMi24ug3pSWGZd4CRXMGNd5t9X6umu0KkKE:Vsj2UbZTd24u+ErXRXMGpdaK

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\db2d841135a0c2371f27aa9c1b00da65e6e30a95801a4f709d234febad06f6f9.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3448
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\db2d841135a0c2371f27aa9c1b00da65e6e30a95801a4f709d234febad06f6f9.dll,#1
      2⤵
        PID:2052
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 652
          3⤵
          • Program crash
          PID:2784
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2052 -ip 2052
    1⤵
    PID:728

Network

MITRE ATT&CK Matrix
