Analysis

  • max time kernel
    33s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    12-04-2024 22:21

General

  • Target

    Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/audioplugin_phonon.dll

  • Size

    150KB

  • MD5

    268704605dd3be389db0913e48037eb6

  • SHA1

    d4bd4a55e2ca6eda2b9e533fdba2033da85fea09

  • SHA256

    6c3c29163bbe127a9e4a37a11bbb0b48be30567e9de58dde0f939498f0c343cf

  • SHA512

    e6c5fa56051dcfc2da52ac0db36f1a9607c8fc011f810be0d217e4fb5c48cf69c701d93dade579e830892b9d0bd459eb4ca5c041762ff03d88ca5c0adbe1db1e

  • SSDEEP

    3072:9SvYicJgqfiRXf15L0yeEy7jiTOMld5A0HsMcrWw5:9QvqMP15QCy+5AaWWw

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Content.Warning.v1.9.b-0xdeadc0de\Content Warning_Data\Plugins\x86_64\audioplugin_phonon.dll",#1
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2624 -s 84
        PID:2644
