Analysis

  • max time kernel
    125s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    23/03/2022, 02:20

General

  • Target

    1652-56-0x0000000000160000-0x000000000016E000-memory.dll

  • Size

    56KB

  • MD5

    de066a81a5888119f7074d7f3fcde32a

  • SHA1

    0da1a543e1906f621d17835d73d84e1ea92dac43

  • SHA256

    40a78495d842f1f74502318cebe8cc5551a80b7d1f947b6ddba2b27e839eaed0

  • SHA512

    c9925558f41f15c5c65fe5324c4ecdee4295f25192ef3ac556477a06e22de50f037c585ffe645d536cde746f62cc553be4b63c85b174b0a3592c27565f84a7af

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1652-56-0x0000000000160000-0x000000000016E000-memory.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:4332
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1652-56-0x0000000000160000-0x000000000016E000-memory.dll,#1
        PID:892
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 560
          • Program crash
          PID:484
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 892 -ip 892
        PID:1656

Network

MITRE ATT&CK Matrix
