Overview

overview

10

Static

static

3

b8af782f98...18.exe

windows7-x64

10

b8af782f98...18.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Perl.dll

windows7-x64

1

Perl.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-06-2024 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Perl.dll

  • Size

    102KB

  • MD5

    7c433e47ecfd8e776a8551eaa3566331

  • SHA1

    03061c1f3844edeb6e0f3d86fa5b3cefdbf81357

  • SHA256

    3696f8856be929b28f8db7902369251019168ef9d05c74e617f48a8f9d04ad01

  • SHA512

    33162aa80cc4ce511e2fe61ca4059067b264619d825afa66b791e3e0cacd7197e35ebfd1b257ba8d05e30209ce36822e1935eff6664e1c8a96e45ce7f3fbff7d

  • SSDEEP

    1536:MWeIFa9HStc5vzMQ8cCHFnfimx/F7I+eVdJp03lGIy6La4zSbEv1N9IvF1x7y819:mIaidkn65NSS4vF1x7yEFkB

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Perl.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3948
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Perl.dll,#1
      2⤵
        PID:4664
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 568
          3⤵
          • Program crash
          PID:4252
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4664 -ip 4664
      1⤵
        PID:2676

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads