Analysis
-
max time kernel
94s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26-11-2024 07:47
General
-
Target
d14306617cc1d12caa6a4dc05686a5cbb704ac19b0661b49ab8d8f19d11f2bf6.dll
-
Size
52KB
-
MD5
43a36f34011932ba60f927ca76e3f93c
-
SHA1
d5ab02ab963b03b6308a2a44506a6cdfc16b7262
-
SHA256
d14306617cc1d12caa6a4dc05686a5cbb704ac19b0661b49ab8d8f19d11f2bf6
-
SHA512
37b07eccd3b0f527953b82739fe69a799d386351cea335aeab41aeff862e8015be9c624c4bf8c9658f0f1906b08a80f102a7071cfd2439dad00ff31e61b6364d
-
SSDEEP
768:5CrUbqHP9JAcgh/Q4Lmtk3SsWHIu3I2a2mYMsXMr3IedMZhK3D1Gc4:kQbq2h/QimNRT3BlMBr3IedMGD1Gc4
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d14306617cc1d12caa6a4dc05686a5cbb704ac19b0661b49ab8d8f19d11f2bf6.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d14306617cc1d12caa6a4dc05686a5cbb704ac19b0661b49ab8d8f19d11f2bf6.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 5603⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4988 -ip 49881⤵