Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-12-2023 20:06

General

  • Target

    0fc4f81112953bd3b077a8747bf8faa6.dll

  • Size

    1016KB

  • MD5

    0fc4f81112953bd3b077a8747bf8faa6

  • SHA1

    65851b3268de95c1bcf386fd2f0c09f10fd4fda3

  • SHA256

    9c1cebc2927395069711c01e8037950e0b26f56af12a225589d942c3612375f0

  • SHA512

    6835eaa5e6137b1c517cd33cfb6ac516b872923fbc1ab41d51ff5a5a28faa95fcd83045ec2e4e10502b92e21c0a11ce42d6d9ac64cb8e2faca26f84a8699494a

  • SSDEEP

    6144:MxEp4XDJWzbRh0ScU+nBS6VEfuOCQ895jcM1:M+NzbRaSQSX3S95R

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fc4f81112953bd3b077a8747bf8faa6.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fc4f81112953bd3b077a8747bf8faa6.dll,#1
      2⤵
        PID:4632
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 636
          3⤵
          • Program crash
          PID:1776
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4632 -ip 4632
      1⤵
        PID:4524

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4632-0-0x0000000000E90000-0x0000000000EA6000-memory.dmp

        Filesize

        88KB