Overview

overview

10

Static

static

3

12164da760...08.dll

windows7-x64

10

12164da760...08.dll

windows10-2004-x64

9

Analysis

  • max time kernel
    134s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-05-2024 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12164da7609f0f92f2959bc0b1bba80de170c9ae1bde20d11334766bce089308.dll

  • Size

    3.8MB

  • MD5

    2c0d7097828e0e86ae199d8a972d4743

  • SHA1

    cd360f2888f95f37c6886de65f143783773f4d64

  • SHA256

    12164da7609f0f92f2959bc0b1bba80de170c9ae1bde20d11334766bce089308

  • SHA512

    d4e68d14cd246381374aea68e6028699a95861b41e77c65f66c75c78227ddf7e34139fa6f3c7ca4b8c727cf1593f31026fd475c30d576599040e1ea3f9011143

  • SSDEEP

    24576:SNXIZH36nxg1A1IrhnlH/PigikmCORHOp5:UXutA1IFlHrzORW5

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 4 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\12164da7609f0f92f2959bc0b1bba80de170c9ae1bde20d11334766bce089308.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4336
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\12164da7609f0f92f2959bc0b1bba80de170c9ae1bde20d11334766bce089308.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        PID:3128
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 268
          4⤵
          • Program crash
          PID:5008
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 684
        3⤵
        • Program crash
        PID:4728
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3008 -ip 3008
    1⤵
      PID:2860
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3128 -ip 3128
      1⤵
        PID:4896

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        99KB

        MD5

        f3873258a4258a6761dc54d47463182f

        SHA1

        fbbf8bca739ca4e9745e5224662b33b437a52461

        SHA256

        63b02a3e8e7e049d1f29cd4cd79fe5c8905754da6c023df72aa5cca351d0d5c5

        SHA512

        eec16bb41fd05d9acd5d2b17eb5218057c3cd97cd706e0782a64eb2c32f8a57f1206fe0268be7f37a9f1c3f7b8eb09767cf2724951eaee4be03c4d509d4b3dd4

        Download Submit

      • memory/3008-4-0x0000000010000000-0x00000000103D9000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/3008-8-0x0000000010000000-0x00000000103D9000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/3128-5-0x0000000000580000-0x0000000000581000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3128-6-0x0000000000400000-0x0000000000454000-memory.dmp

        Filesize

        336KB

        Download