f510afafa8bc274807101458244358d99b71a939cafadc708d989108477e6ec9

Analysis

max time kernel
156s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d5a8bf8b8fdfcf9a9173c3c2426f80a.dll
Size

644KB
MD5

4d5a8bf8b8fdfcf9a9173c3c2426f80a
SHA1

0dc662c6e66103a402110b76e9d01ae04fb4784b
SHA256

f510afafa8bc274807101458244358d99b71a939cafadc708d989108477e6ec9
SHA512

329b8f800e680da16d9364c801f882d16d6d239e02b29f78053c86c70d006eb1a8f4f4ed2264a59892c143a0caa6342437e6822c2c1963ca5b288ea64fc45955
SSDEEP

12288:aS6lbuNIPJmri0issRfueVBLClaIfpEhKdVoG/C2ijmb6b7MP+Dd2a:alY0qGfvzLoKkoECdyi7MP+h2a

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2656	1640	WerFault.exe	88

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 1640	3624	rundll32.exe	88
PID 3624 wrote to memory of 1640	3624	rundll32.exe	88
PID 3624 wrote to memory of 1640	3624	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d5a8bf8b8fdfcf9a9173c3c2426f80a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d5a8bf8b8fdfcf9a9173c3c2426f80a.dll,#1
  2⤵
  - Modifies registry class
  PID:1640
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 668
    3⤵
    - Program crash
    PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1640 -ip 1640
1⤵
PID:404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-0-0x0000000010000000-0x00000000101AB000-memory.dmp

Filesize
1.7MB

Download
memory/1640-1-0x0000000002990000-0x00000000029C0000-memory.dmp

Filesize
192KB

Download
memory/1640-2-0x0000000002960000-0x0000000002962000-memory.dmp

Filesize
8KB

Download
memory/1640-3-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/1640-4-0x0000000000E90000-0x0000000000E91000-memory.dmp

Filesize
4KB

Download
memory/1640-5-0x0000000000EA0000-0x0000000000EA1000-memory.dmp

Filesize
4KB

Download
memory/1640-6-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/1640-8-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/1640-9-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/1640-7-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/1640-10-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/1640-11-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/1640-12-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/1640-13-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/1640-14-0x0000000002B80000-0x0000000002B81000-memory.dmp

Filesize
4KB

Download
memory/1640-15-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/1640-16-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/1640-17-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

Filesize
4KB

Download
memory/1640-18-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/1640-19-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/1640-21-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/1640-20-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/1640-22-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/1640-23-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/1640-24-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/1640-25-0x0000000002C60000-0x0000000002C61000-memory.dmp

Filesize
4KB

Download
memory/1640-26-0x0000000002C50000-0x0000000002C51000-memory.dmp

Filesize
4KB

Download
memory/1640-27-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/1640-28-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/1640-29-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/1640-30-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/1640-31-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/1640-32-0x00000000010B0000-0x00000000010B1000-memory.dmp

Filesize
4KB

Download
memory/1640-33-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/1640-34-0x0000000010000000-0x00000000101AB000-memory.dmp

Filesize
1.7MB

Download
memory/1640-35-0x0000000002990000-0x00000000029C0000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads