Analysis
-
max time kernel
146s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30-12-2023 11:13
General
-
Target
16e18a6c8d9f98cb34fcc408136eeeb8.dll
-
Size
97KB
-
MD5
16e18a6c8d9f98cb34fcc408136eeeb8
-
SHA1
294f437f0cd53971776197f452df345019d6a824
-
SHA256
91d2770b6b2e6414fbfe1533304494396b86151d9a8c4c08ac5c1af24ff83865
-
SHA512
2058af9de75d5357575879a5ac94691da9b90ebbcc2dbbc5b1d9befb2f135c9fed88418a9fe64c6ca8613d9a034d66039d3a4ccce213e2611fb72d55d6ffa9e0
-
SSDEEP
3072:ZcD5jQGUQomOo2sxFdjkm3txoBfvvhFFJ69:Zc9kQL2sxFVGfvb69
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\16e18a6c8d9f98cb34fcc408136eeeb8.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\16e18a6c8d9f98cb34fcc408136eeeb8.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 5603⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 936 -ip 9361⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
176KB