Analysis
-
max time kernel
93s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-12-2024 14:43
General
-
Target
555e6698962d4156f69aa3209dae48139d4458e001cd04e4130a30accc73ff7c.dll
-
Size
2.9MB
-
MD5
d715b622545bafb775809ffab8014839
-
SHA1
912e9275d186b74b45db696025b6832cd87224cf
-
SHA256
555e6698962d4156f69aa3209dae48139d4458e001cd04e4130a30accc73ff7c
-
SHA512
8d2e466ef9982f70b50360a9a10b52ce06c0242d1f7836892aedb13b30283aec38b0c2336b02420152faeb88f8f996e53ce0a96b50b2f0e829863a8e85c18a56
-
SSDEEP
49152:Xan7Ni8SUGNQtlnynKMlqU9up8wgBjaw/8ftNx5KMYs18X5rEklt8XIba5k:Xa7Ni8SUblnynKkF9uvgVawYNxdh1mVX
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\555e6698962d4156f69aa3209dae48139d4458e001cd04e4130a30accc73ff7c.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\555e6698962d4156f69aa3209dae48139d4458e001cd04e4130a30accc73ff7c.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 6643⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3396 -ip 33961⤵