Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2024 20:23

General

  • Target

    2d3f7d60c5cbea60fb42fbf63f15d445aabdff4a06652cf6deedc9fbf88d5e6c.dll

  • Size

    281KB

  • MD5

    462ebd15e0e2c6b52d4abbb41da987a9

  • SHA1

    a57b5924983aef79a50637cf758949d8921a5b53

  • SHA256

    2d3f7d60c5cbea60fb42fbf63f15d445aabdff4a06652cf6deedc9fbf88d5e6c

  • SHA512

    e80e91d560f2a1eac0b8635c4b96eaf98bc6c9c197f4971531b57ec48934ce8d7c50be6b1900a1330723df82168f9bc2f443cb4bd0081fb39520405240713ee9

  • SSDEEP

    3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15adYke/wZU2PWOqZFivvef+xM65d4:PjdFKdoSxvixTxUAHh/w2GWz3fmM7

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d3f7d60c5cbea60fb42fbf63f15d445aabdff4a06652cf6deedc9fbf88d5e6c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4068
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d3f7d60c5cbea60fb42fbf63f15d445aabdff4a06652cf6deedc9fbf88d5e6c.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4768
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 680
        3⤵
        • Program crash
        PID:3588
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4768 -ip 4768
    1⤵
      PID:3300

    Network

    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      180.129.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.129.81.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      180.129.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.129.81.91.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      180.129.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.129.81.91.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      2.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      2.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.159.190.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      53.210.109.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      53.210.109.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      181.129.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      181.129.81.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      181.129.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      181.129.81.91.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      13.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.227.111.52.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      146 B
      147 B
      2
      1

      DNS Request

      217.106.137.52.in-addr.arpa

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      180.129.81.91.in-addr.arpa
      dns
      216 B
      147 B
      3
      1

      DNS Request

      180.129.81.91.in-addr.arpa

      DNS Request

      180.129.81.91.in-addr.arpa

      DNS Request

      180.129.81.91.in-addr.arpa

    • 8.8.8.8:53
      2.159.190.20.in-addr.arpa
      dns
      142 B
      157 B
      2
      1

      DNS Request

      2.159.190.20.in-addr.arpa

      DNS Request

      2.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      58.55.71.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      58.55.71.13.in-addr.arpa

    • 8.8.8.8:53
      53.210.109.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      53.210.109.20.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      288 B
      146 B
      4
      1

      DNS Request

      15.164.165.52.in-addr.arpa

      DNS Request

      15.164.165.52.in-addr.arpa

      DNS Request

      15.164.165.52.in-addr.arpa

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      181.129.81.91.in-addr.arpa
      dns
      144 B
      147 B
      2
      1

      DNS Request

      181.129.81.91.in-addr.arpa

      DNS Request

      181.129.81.91.in-addr.arpa

    • 8.8.8.8:53
      13.227.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      13.227.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.