Overview

overview

3

Static

static

3

c99c7109fa...2c.dll

windows7-x64

3

c99c7109fa...2c.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 21:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c99c7109fa2bea2aa1d9c7138ec7482c.dll

  • Size

    50KB

  • MD5

    c99c7109fa2bea2aa1d9c7138ec7482c

  • SHA1

    ae4184400fd3520e406e0019799253f7c4f8c0be

  • SHA256

    2960f8e5b32b415e42bddff914d424bd353721cd152500106e325ad044d534c1

  • SHA512

    6cf9180e78e46c1d83e5b6f5a0a0e86fe266f2fe28290883ec67832d09cb2c1c5c07f955e2d061370c1ef9392666401dac58a8dd309f99f3f56ad54df8eac213

  • SSDEEP

    1536:hFTOr0b12OI8dcg+imtP17KTspE764ZY:mIq8SntpKIpCf

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c99c7109fa2bea2aa1d9c7138ec7482c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c99c7109fa2bea2aa1d9c7138ec7482c.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2200
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 232
        3⤵
        • Program crash
        PID:2372

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2200-0-0x00000000001D0000-0x0000000000203000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2200-2-0x0000000013140000-0x0000000013170000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2200-3-0x00000000001D0000-0x0000000000203000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2200-1-0x00000000001D0000-0x0000000000203000-memory.dmp

          Filesize

          204KB

          Download

        • memory/2200-4-0x0000000013140000-0x0000000013170000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2200-5-0x00000000775AF000-0x00000000775B0000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2200-8-0x0000000013140000-0x0000000013170000-memory.dmp

          Filesize

          192KB

          Download