4aff974db2413e19562609cfa92f7a0c22a1f392c6b44fc0305740f79f323e9d

Analysis

max time kernel
133s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 17:11 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/System.dll
Size

10KB
MD5

0ae9c427fe7bbbbf1368c1c6d3933ae7
SHA1

c8e5131613302531c88512dada29a18886259268
SHA256

49437f4b9fd38007f3b2735f0a8a12830b995305c75118b440202980183d5c6a
SHA512

59b76b00f2b0d6242dc5bc3cb36d3ff78867445f502e34cea890c6f493c2adf9b97cec539963204ddd1c641e1a77139f46fc33dec4dc636f4b06d2edffffec6d
SSDEEP

96:vCCshwlpqUsYghN/9uvZ7CLWNCSiiVTQYBGVXRvuBDlSriklbuba1iLc+cEyzo7e:BzqUuh/uLCXIkYBGV9uVlSblbubbwtl

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1728	2436	WerFault.exe	16

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 2436	4524	rundll32.exe	16
PID 4524 wrote to memory of 2436	4524	rundll32.exe	16
PID 4524 wrote to memory of 2436	4524	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
  2⤵
  PID:2436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 612
    3⤵
    - Program crash
    PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2436 -ip 2436
1⤵
PID:1448

Network

DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

177.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

177.178.17.96.in-addr.arpa

IN PTR

Response

177.178.17.96.in-addr.arpa

IN PTR

a96-17-178-177deploystaticakamaitechnologiescom
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

16.234.44.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.234.44.23.in-addr.arpa

IN PTR

Response

16.234.44.23.in-addr.arpa

IN PTR

a23-44-234-16deploystaticakamaitechnologiescom
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

187.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.178.17.96.in-addr.arpa

IN PTR

Response

187.178.17.96.in-addr.arpa

IN PTR

a96-17-178-187deploystaticakamaitechnologiescom
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

210.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.178.17.96.in-addr.arpa

IN PTR

Response

210.178.17.96.in-addr.arpa

IN PTR

a96-17-178-210deploystaticakamaitechnologiescom

No results found

8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

177.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

177.178.17.96.in-addr.arpa
8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

16.234.44.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

16.234.44.23.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

187.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

187.178.17.96.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

210.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

210.178.17.96.in-addr.arpa

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.