Overview

overview

10

Static

static

10

cd85b0d191...71.dll

windows7-x64

1

cd85b0d191...71.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-05-2024 08:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll

  • Size

    160KB

  • MD5

    8b84a58287d60c2b04af308791c22bf8

  • SHA1

    dd2eb9dfa9130f1126b3a8c5c309178ab73b0848

  • SHA256

    cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71

  • SHA512

    2f7f193c2c42cf915e2f83a583668b5f2dbfef40cf4ce47f608a3645b3b597f8d916b01b2d230bd0ccc377b34766daed1903bc029b91351191e865fd258ff3c5

  • SSDEEP

    3072:I02rPPBHaDJRCP5otSUrUXk4bAtcryyYbQ0ngzJKYF5Q:wrPPyJgPuU3bAZFn8F5

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3452
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll,#1
      2⤵
        PID:4280
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 544
          3⤵
          • Program crash
          PID:4252
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4280 -ip 4280
      1⤵
        PID:2104

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads