Analysis

  • max time kernel
    138s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-05-2024 10:52

General

  • Target

    林达QQ相册密码破解器/library.dll

  • Size

    243KB

  • MD5

    c8283132195b3618228883a3ffda7d66

  • SHA1

    6c1bdf36c3da538810a70a9df372e9a6240e8736

  • SHA256

    57758495dedf8568271182564f5c6ca17ee8fc89fc2ea76f1e990da8d035b6ba

  • SHA512

    f1926f5dbfc58ceaf6cfb2ccb6216760a8fd6a9d88c9bc524f194f2b52c73c4bc96a86ea21fd30cc6fdd9eb9171ac4f10e345852712074143ec0a8f625804cab

  • SSDEEP

    6144:Dkj21LRvNdUEeKJ6wr1EMmEAUgKJeaHxu6XZXq4t54MJu:DkjaRWKJHr1zmEACfw6JqI54M

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\林达QQ相册密码破解器\library.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\林达QQ相册密码破解器\library.dll,#1
      2⤵
        PID:452
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 588
          3⤵
          • Program crash
          PID:3348
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 452 -ip 452
      1⤵
        PID:4564

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads