Analysis
-
max time kernel
135s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
23-05-2024 01:20
General
-
Target
3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll
-
Size
572KB
-
MD5
c6c8ac637b64b7a5013de464d8e32308
-
SHA1
5e128ea3f5bb943f6edec3e6e9e42d739652e0f8
-
SHA256
3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f
-
SHA512
2d19dffa7301f11ccde14c85f9ae88a6fcefad552b84890bfce804c3d61f2eda8efd3ae2a7bbdd015cdec8ff8963a988b14f0dcf4ab9d43782315c35f4f27d6e
-
SSDEEP
6144:5uRydcGid80GZydrXAjoiWCFAviiJy59qsfnd9idBWqpivTaZbNbySno/xn8CGGC:5uRyvidfd0oRoueCMlC+/tgr
Score
9/10
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 1 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 6003⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4852 -ip 48521⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4852-0-0x0000000074B90000-0x0000000074BA7000-memory.dmpFilesize
92KB