Analysis
-
max time kernel
137s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
01-01-2024 06:40
General
-
Target
3c2658c042d05cbb82a38b07eb929901.dll
-
Size
176KB
-
MD5
3c2658c042d05cbb82a38b07eb929901
-
SHA1
e0cf3cb69d2a74f6bdac14d0ea16d24d87d7a499
-
SHA256
5fbe22f977ff6a33746652cf5ca143c05eb242a1e20d56a662ef572f1e58cade
-
SHA512
2390577006c398ccad12e09ed6b3a75d25d7ef7cab06283551ec1604f245884f2e8e0df475f652efd6a707b17613b4c16222436ea997fa09ffced6bc3c709acd
-
SSDEEP
3072:EfQ9DX7m6Cpp9FZTv6MPPrYZFLCD39dkLnfXZQjIkm9OdxUWLofLiHwhsjttoutl:Vj7i9LvhUFSn0Xsdm2sLkoS
Score
7/10
Malware Config
Signatures
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3c2658c042d05cbb82a38b07eb929901.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3c2658c042d05cbb82a38b07eb929901.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 5443⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3772 -ip 37721⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3772-0-0x0000000000400000-0x0000000000451000-memory.dmpFilesize
324KB
-
memory/3772-1-0x00000000028A0000-0x00000000028B4000-memory.dmpFilesize
80KB
-
memory/3772-2-0x0000000000400000-0x0000000000451000-memory.dmpFilesize
324KB