Overview

overview

10

Static

static

3

5afef6b261...61.dll

windows7-x64

3

5afef6b261...61.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5afef6b26153bdfd0e8d59d37ead66765f771aae75b0c0fc6c0dbf8cd0dd6b61.dll

  • Size

    160KB

  • MD5

    ce2593b7bfe6f326c12ae73df5705b6f

  • SHA1

    1416afac1b809b74189ed5d812c7a8dfe3956cd0

  • SHA256

    5afef6b26153bdfd0e8d59d37ead66765f771aae75b0c0fc6c0dbf8cd0dd6b61

  • SHA512

    4ba7b1fe9030fe475ef6357fdffda289e597fe745d67c8e38e1bd9f625366931e3a3e05ee6f19c8dc0e0eac8d49ca6b8647cb79b56cb71c3888393a8c90af8ba

  • SSDEEP

    3072:OWt1QgmEC0pfcqMd0ll+GyaL7SED6XPj/M:xegVqjy/L7ZO/j/

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5afef6b26153bdfd0e8d59d37ead66765f771aae75b0c0fc6c0dbf8cd0dd6b61.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5afef6b26153bdfd0e8d59d37ead66765f771aae75b0c0fc6c0dbf8cd0dd6b61.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2016
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 224
        3⤵
        • Program crash
        PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads