Analysis

  • max time kernel
    91s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 02:29

General

  • Target

    c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660.dll

  • Size

    56KB

  • MD5

    cb9fe75997ed9eb1750e82de87c2c3d2

  • SHA1

    811bd7c24e3c275e83d1ca7111349a27571ca5d8

  • SHA256

    c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660

  • SHA512

    3a555f06720d7596d3e773c1d44c90e7a3c3c1cea6c7223e3a2e60cd83e9f189210535f2477ecf227b80241d06b053615d7b7ecd89e08dc015dee97640fbdb4f

  • SSDEEP

    768:2MEyU2joCXwPaPOZxZ6pRb0x5sOV4YklKq:oyUuAC6xopRbIuY2

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3844
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660.dll,#1
      2⤵
        PID:3572
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 560
          3⤵
          • Program crash
          PID:2156
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3572 -ip 3572
      1⤵
        PID:2196

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads