Analysis

  • max time kernel
    98s
  • max time network
    142s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    21-11-2024 09:47

General

  • Target

    New folder (8)/sqlite3.dll

  • Size

    889KB

  • MD5

    7b3562cbd3525510a4a94ce49e98ba5a

  • SHA1

    1b70c434a3109daf57496be1a9916f7d86d19692

  • SHA256

    6347a9e00e8e3f18ae0f2edf19d6503761b3cf2d2d1a3badde9fd0bcdaa24063

  • SHA512

    01828b9bc783cdd9a0d1036784725df156a0e908d7d0bb7c0c2380aa517e18ef354c5b74713cc267dea30d38e7520265a02a1221b79f3dff373eda0985db674c

  • SSDEEP

    24576:9uxNAQB74x0FwTuis6eCwjH+SWLSzf/A/:9T+syis/LjH+SCSs

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\New folder (8)\sqlite3.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\New folder (8)\sqlite3.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:5096
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 552
        3⤵
        • Program crash
        PID:4708
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5096 -ip 5096
    1⤵
    PID:2016

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/5096-0-0x0000000061E00000-0x0000000061ECA000-memory.dmp

    Filesize

    808KB