Analysis

  • max time kernel
    189s
  • max time network
    206s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2023, 14:44

General

  • Target

    01f1554064c1e5d19dac86f7a48badeb.dll

  • Size

    76KB

  • MD5

    01f1554064c1e5d19dac86f7a48badeb

  • SHA1

    7927559dff12ac1f6f21ddac0b8c3c11214626fd

  • SHA256

    9d7222021377f1fb747bff0d0afebd4e38be7ca3f1f9669e97041fd6bc939bec

  • SHA512

    d070e3e434dca319f0c16030d5ebd2572cf9147487064fbbb75372350499d30ee2997c2043d1e4ca487d0300a6649fb2294dc7eeb8f19033b0a84f0ead958a55

  • SSDEEP

    1536:ewkQuyK2dKcMpOvJsYbZcLs3jPtx5H9u11EjqfZE1cfD0PSAii3+R:ewkKK6dhjas3jPpdu4W0sOSAa

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\01f1554064c1e5d19dac86f7a48badeb.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\01f1554064c1e5d19dac86f7a48badeb.dll,#1
        PID:4468
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 592
          • Program crash
          PID:3728
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4468 -ip 4468
        PID:3232

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4468-0-0x0000000000400000-0x0000000000433000-memory.dmp
    Filesize: 204KB
  • memory/4468-1-0x0000000000400000-0x0000000000433000-memory.dmp
    Filesize: 204KB
  • memory/4468-2-0x0000000000400000-0x0000000000433000-memory.dmp
    Filesize: 204KB