Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 03:22

General

  • Target

    0ccf06d959a7ecb84001e82c4a93cc59.dll

  • Size

    13KB

  • MD5

    0ccf06d959a7ecb84001e82c4a93cc59

  • SHA1

    776ee8354c042aaeff50dc48b66132002afb5fdd

  • SHA256

    1c6d6b3ddea8e478a2cb1a71f2aa4ebd849d3d422d12b3d271796c01eb3ab2f8

  • SHA512

    aa69be6024a98d4ed7f7711e02fe3f1e755232d84d9ea9b9e728cef6e5552c645a6f3a5cab17b54e89c3cf00c481da8713eaa5469e95538f4b39b994c69477c0

  • SSDEEP

    384:Roga7P3zobB7vU7uTMxNsmE0a5dj/DaNJawcudoD7U:CgaXQ5UCMxNsmEr5dKnbcuyD7U

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ccf06d959a7ecb84001e82c4a93cc59.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ccf06d959a7ecb84001e82c4a93cc59.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2516
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 244
    1⤵
    • Program crash
    PID:1836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2516-1-0x0000000010000000-0x000000001000A000-memory.dmp

    Filesize

    40KB

  • memory/2516-0-0x0000000010000000-0x000000001000A000-memory.dmp

    Filesize

    40KB

  • memory/2516-2-0x0000000010000000-0x000000001000A000-memory.dmp

    Filesize

    40KB