Overview

overview

3

Static

static

1

500b89cdbd...1b.dll

windows7-x64

3

500b89cdbd...1b.dll

windows10-2004-x64

Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19-12-2023 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    500b89cdbdbdd9652974c347201db51b.dll

  • Size

    9.3MB

  • MD5

    500b89cdbdbdd9652974c347201db51b

  • SHA1

    7fa0c8f136eb58e8b6fc9ebe1f5dd90ee8c27d60

  • SHA256

    4a6585a52d8f736438761fc1da1f06da37b0e0f8789212269862b86e850318e8

  • SHA512

    a16d45927e83e57ba77d913c7359cce23ab41dc3800008a52aa6b87f081a97bd8415b80e4e87a9fd29ddfdb5cb948143ab1e893a636dd169fc54fed28f2c3678

  • SSDEEP

    196608:IxEP01kANFrbfxdqPeQYhhPvOzpxEP01kANFrbfxdqPeQYhhPvOzvxEP01kANFrN:Ix71t5hPQpx71t5hPQvx71t5hPQVx71i

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\500b89cdbdbdd9652974c347201db51b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\500b89cdbdbdd9652974c347201db51b.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 228
        3⤵
        • Program crash
        PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2088-0-0x0000000001F10000-0x0000000002163000-memory.dmp

    Filesize

    2.3MB

    Download