Overview

overview

3

Static

static

3

2569f42914...a3.dll

windows7-x64

1

2569f42914...a3.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    161s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 02:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2569f42914e1f89b535a7d5162fba5a3.dll

  • Size

    261KB

  • MD5

    2569f42914e1f89b535a7d5162fba5a3

  • SHA1

    e7b7fc07c596a2c4f84bb6bec4d620ccddc423bf

  • SHA256

    17c8a441dda0e80ea9cdbdc26afe1f8167f686b4373027938757d3fd54a2cd4f

  • SHA512

    b8a906e0c7ea84c0e0a8ea601bb11986dd1c41b8e7859363ef05f3ee3fa8b758ce278c1a146701879dc5d7fd4e0258f1a699b2620871545d0cf8d0308309f1e5

  • SSDEEP

    3072:1RIithd4eC6AIiLUakaD/7QnYec1QDheNQ61iRv2HBrJR0Y5lBu/SVPq+fi2ndZa:V+erRih/9zSRveBTX2w2MGYxXHH4N

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2569f42914e1f89b535a7d5162fba5a3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4752
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2569f42914e1f89b535a7d5162fba5a3.dll,#1
      2⤵
        PID:1796
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 632
          3⤵
          • Program crash
          PID:2264
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1796 -ip 1796
      1⤵
        PID:2452

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1796-0-0x0000000010000000-0x00000000100A7000-memory.dmp

              Filesize

              668KB

              Download