Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18-01-2024 02:57
General
-
Target
644afc029b04160bbb3a998595c2b970.dll
-
Size
199KB
-
MD5
644afc029b04160bbb3a998595c2b970
-
SHA1
a3d53a4ae75304118ec44d379a3a5e7896c0e2a4
-
SHA256
1f605cae44fca207e2f3192b28a3545d64b9541cb22a8d376284e45d8a42f324
-
SHA512
0cc791022bd42ed9322e6af48a99a40295c2ee6160c5b93f1f9a07f591977c6af856a516f7e041d2da5fa97c8351fc79fab3eb03e9c3dde63410e7f1b2551010
-
SSDEEP
3072:KRBKSEX6vbnHbZRN6O0y6T/dd0Xukd8zIsXUp7KKwgdDRhPAJ+h4RsJxKPpAiYM:oKtqvbnHbZRALguk8I7KOf8RsqxA
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\644afc029b04160bbb3a998595c2b970.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\644afc029b04160bbb3a998595c2b970.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 5803⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4380 -ip 43801⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4380-0-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/4380-1-0x0000000002CF0000-0x0000000002D04000-memory.dmpFilesize
80KB