Analysis
-
max time kernel
102s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
18/10/2024, 06:19
General
-
Target
1dfed425f638fe86fcd3c22473ded20af20c48fc5c3a8c7924b5b9f9c66d2512N.dll
-
Size
45KB
-
MD5
44b17a3822c0af1b0fc429b3ed3882c0
-
SHA1
f40fe764861835dfe806e55b79c45a6a9bf3efcf
-
SHA256
1dfed425f638fe86fcd3c22473ded20af20c48fc5c3a8c7924b5b9f9c66d2512
-
SHA512
3298fee28e2d6be2d243ff69da4603159e40d4d2c8f2fad8846c03d76706380f800197382aa913df09826ead924e3ab9269ca478db1a97bb1c35301e05a429a5
-
SSDEEP
768:yPVVmFS5XU8CfCuDXVuy53WXCN4BQu38r5zAy9ByeywJeXo9:yPGsjCKuDXX53SQF90cByeio
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1dfed425f638fe86fcd3c22473ded20af20c48fc5c3a8c7924b5b9f9c66d2512N.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1dfed425f638fe86fcd3c22473ded20af20c48fc5c3a8c7924b5b9f9c66d2512N.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 5803⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2936 -ip 29361⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB