Analysis
-
max time kernel
139s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
26/08/2024, 03:56
General
-
Target
05fb35fad542db0f4585e95d41986e15a5963f9ab66f116b2f8da602e0877c9e.dll
-
Size
395KB
-
MD5
5f8c9c7631fc32bdf8f4ef3ee7707199
-
SHA1
1500033337634c229cbd30947d5a4c1f10548881
-
SHA256
05fb35fad542db0f4585e95d41986e15a5963f9ab66f116b2f8da602e0877c9e
-
SHA512
26f34bccb10cd3ba37774af65a122ac0525f8caf4f2a13300794b8aff49ac9c34e0a4cff77648e3c03a25730b4820d08d9f93aa04688351f050ee11987b16a9d
-
SSDEEP
12288:06GwiKwp+OMDbDDmUS5j5KfkVz/bF5TpGLNCqAFU/hQqP:0jQDmUS5ikVz/bF5Tp+NCqAm/hQq
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\05fb35fad542db0f4585e95d41986e15a5963f9ab66f116b2f8da602e0877c9e.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\05fb35fad542db0f4585e95d41986e15a5963f9ab66f116b2f8da602e0877c9e.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 6123⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 768 -ip 7681⤵