Analysis

  • max time kernel
    21s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 10:31

General

  • Target

    P2PStatReport.dll

  • Size

    364KB

  • MD5

    3b14cae0ea1d045bb5b196017913edb3

  • SHA1

    7ca456595148f2d5e71444a612f2351c4cd8a20d

  • SHA256

    a2aeac1855ccb0bab911ddbfd7c79e86834020dc3c260a335249d41aff594982

  • SHA512

    6c475600f041c229f8fb330e201f658db58f1a46f016731e64cf65cee64242876c7b71aef671532f41106cc35de9963b599eb39b63e1d980ef911392fbf0a200

  • SSDEEP

    3072:PhBjFKfAgML8uvAg91ABuqdFJYVzwQELAcxPmH027mLi2gy3KcmHwdsMqhRtZWaO:PhBZKYhAg9XAQwzba0Sk3UhNWnW0FHj

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\P2PStatReport.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\P2PStatReport.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2672
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 272
        3⤵
        • Program crash
        PID:2308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads