Analysis
-
max time kernel
144s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
19-01-2024 11:26
General
-
Target
6781197c92bc19798b92411306f5d99e.dll
-
Size
171KB
-
MD5
6781197c92bc19798b92411306f5d99e
-
SHA1
e2a944f8453137ea0e1a081c004ecf33b4fe9d5e
-
SHA256
cfb568ffa756f889f2fef28e17c1fb9388603ccbae27ab3cdc491914d298e81e
-
SHA512
86580a860e02ee6f56078200ccd9eb5f7613a3c8076f8272ded432a389ebdf31535a9e854eee019b7eeced4fdc1d5e77d4d217076b34d369ca6fbdaffc19f68a
-
SSDEEP
3072:pXgNfqDLdhcCu5Q+Mc29SPSuQlTBPvOLkonVpoNABc4N1vhCsOGHboutA:pwkUc8KJlU4on3DyYCsroS
Score
7/10
Malware Config
Signatures
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6781197c92bc19798b92411306f5d99e.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6781197c92bc19798b92411306f5d99e.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 5443⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2056 -ip 20561⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2056-0-0x00000000007C0000-0x000000000080B000-memory.dmpFilesize
300KB
-
memory/2056-1-0x00000000007C0000-0x000000000080B000-memory.dmpFilesize
300KB
-
memory/2056-2-0x0000000000830000-0x0000000000844000-memory.dmpFilesize
80KB