Analysis

  • max time kernel
    4294360s
  • max time network
    318s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    22-03-2022 15:39

General

  • Target

    Bloom/nw.dll

  • Size

    135.1MB

  • MD5

    3d2dadc029a8b5fc745a956c1a5ee568

  • SHA1

    a353b0fec54f5c853109b175cea49893b72f539e

  • SHA256

    b756c3f4de49600d23f369718cad7eb8645f7ada1dfafc71f47c18e3e2c5aadd

  • SHA512

    c513823f9ffaaba52d90f0a7733274787cbc9f380b3670da145a96947b4e1f6a539393f29ee22b65432048b8e15bd4014b760ec73e4e63a7b80975706467a5b5

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Bloom\nw.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1352
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1352 -s 204
      2⤵
      • Program crash
      PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads