Overview

overview

3

Static

static

3

0274fe40e0...55.dll

windows7-x64

3

0274fe40e0...55.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 14:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0274fe40e01d0f161ff1418fc92e0055.dll

  • Size

    36KB

  • MD5

    0274fe40e01d0f161ff1418fc92e0055

  • SHA1

    205b9bc000b0450ffa2d5401e45b36bc19e17f7a

  • SHA256

    8ac318bce1c8997de203c9257c0c8b7de6d22b99eaa7cc4af83679204f24b9da

  • SHA512

    c9e45c6afa6e6eb224a338b74c5014bc8515c76bf0d84d7a1681cc21aef03a06681ed5915a499acb560e00635b72614519d4ea682697e777852dbdbba5247a8d

  • SSDEEP

    768:+yIqvQQMC05BtNNQAUM6bRWoAhSHlirbt1ZvJRj5tl0O:pIqvQqUtoAUMsRWoAhSUpntQO

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0274fe40e01d0f161ff1418fc92e0055.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1164
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0274fe40e01d0f161ff1418fc92e0055.dll,#1
      2⤵
        PID:1080
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 628
          3⤵
          • Program crash
          PID:640
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1080 -ip 1080
      1⤵
        PID:2224

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1080-0-0x0000000000400000-0x000000000040F000-memory.dmp

              Filesize

              60KB

              Download