Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
26-03-2022 22:49
Static task
static1
Behavioral task
behavioral1
Sample
57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll
-
Size
203KB
-
MD5
3895fd5c729f59f3418b8780314de272
-
SHA1
0ad9e1c461872963587196f4797bded27b20e112
-
SHA256
57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1
-
SHA512
75ecd26bedaa2ffb2cbc38d8ea9246c5cec23b54d176d5a4d2e24aafb17c41b7838a4faf65cdf4022f8e80b216f112f52750b230db8f7cea843741adc9a68365
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
  pid   pid_target   process        target process
  1348  3868         WerFault.exe   rundll32.exe
Analyst note: pid 3868 is the SysWOW64 rundll32.exe that loaded the sample (see Processes), so the call into export #1 faulted. The sample crashed rather than running to completion, which is the main reason so little behaviour was recorded and the score is low; the 3/10 reflects a crash, not evidence that the DLL is benign.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
  description                        pid   process       target pid   target process
  PID 1708 wrote to memory of 3868   1708  rundll32.exe  3868         rundll32.exe
  PID 1708 wrote to memory of 3868   1708  rundll32.exe  3868         rundll32.exe
  PID 1708 wrote to memory of 3868   1708  rundll32.exe  3868         rundll32.exe
Analyst note: the writer (1708) is the 64-bit C:\Windows\system32\rundll32.exe and the target (3868) is the 32-bit C:\Windows\SysWOW64\rundll32.exe it spawned. A 64-bit rundll32 handed a 32-bit DLL re-launches itself through SysWOW64, and writes from the parent into that child are consistent with that handoff; on its own this is not an injection indicator.
Processes
-
C:\Windows\system32\rundll32.exe (PID 1708)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 3868)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll,#1
    C:\Windows\SysWOW64\WerFault.exe (PID 1348)
      C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 632
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3868 -ip 3868
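Triage logic for a process tree of this shape, as an added example that is not part of the sandbox report: it takes Sysmon-style process-creation records constructed from the tree above (PIDs 1708, 3868 and 1348 are from the report; the parent of 1708 and the PID of the second WerFault are assumed, since the report omits them) plus the cross-process write pairs from the WriteProcessMemory signature, and flags three things a reviewer would check by hand: rundll32 loading a DLL from a per-user Temp directory by export, the 64-bit to SysWOW64 rundll32 handoff that explains the parent-to-child writes, and the WerFault crash of the process that loaded the sample. Field names on the records are assumptions.

```python
"""Triage a rundll32 process tree for staged-DLL loads, WoW64 handoff and crashes."""
import re
from collections import Counter
from dataclasses import dataclass

# rundll32 invoking a DLL by export name or ordinal: "rundll32.exe <path>.dll,#1"
RUNDLL32_RE = re.compile(
    r"rundll32\.exe\s+(?P<dll>.+?\.dll)\s*,\s*(?P<export>#?\w+)", re.IGNORECASE)
# DLL staged in a user-writable location (per-user Temp here).
USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
# WerFault names the faulting process with "-p <pid>".
WERFAULT_PID_RE = re.compile(r"-p\s+(\d+)")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed from the report's process tree. PPID 4000 for the first rundll32 and
# PID 5000 for the second WerFault are assumed values the report does not give.
DLL = (r"C:\Users\Admin\AppData\Local\Temp"
       r"\57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll")
EVENTS = [
    ProcEvent(1708, 4000, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1"),
    ProcEvent(3868, 1708, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1"),
    ProcEvent(1348, 3868, r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 632"),
    ProcEvent(5000, 4000, r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3868 -ip 3868"),
]
# (writer pid, target pid) pairs, from the report's WriteProcessMemory signature.
MEM_WRITES = [(1708, 3868)] * 3


def ordinal_temp_load(cmdline):
    """Return (dll_path, export) when rundll32 loads a DLL from a user Temp dir, else None."""
    m = RUNDLL32_RE.search(cmdline)
    if m and USER_TEMP_RE.search(m.group("dll")):
        return m.group("dll"), m.group("export")
    return None


def crashed_pids(events):
    """PIDs that a WerFault.exe instance was started for (its -p argument)."""
    pids = set()
    for e in events:
        if e.image.lower().endswith("werfault.exe"):
            m = WERFAULT_PID_RE.search(e.cmdline)
            if m:
                pids.add(int(m.group(1)))
    return pids


def triage(events, mem_writes):
    """Return human-readable findings for the tree; order is loads, handoffs, crashes."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        hit = ordinal_temp_load(e.cmdline)
        if hit:
            name = hit[0].rsplit("\\", 1)[-1]
            findings.append(f"pid {e.pid}: rundll32 loads {name} from user Temp via export {hit[1]}")
    # A 64-bit rundll32 given a 32-bit DLL re-launches itself as SysWOW64\rundll32.exe;
    # writes from that parent into the child are part of the handoff, not injection.
    writes = Counter(mem_writes)
    for e in events:
        parent = by_pid.get(e.ppid)
        if (parent and "\\system32\\rundll32.exe" in parent.image.lower()
                and "\\syswow64\\rundll32.exe" in e.image.lower()):
            n = writes.get((parent.pid, e.pid), 0)
            findings.append(f"WoW64 handoff {parent.pid} -> {e.pid}: {n} cross-process "
                            f"write(s), expected for a 32-bit DLL under 64-bit rundll32")
    for pid in sorted(crashed_pids(events)):
        img = by_pid[pid].image.rsplit("\\", 1)[-1] if pid in by_pid else "?"
        findings.append(f"pid {pid} ({img}) crashed under WerFault: the export call "
                        f"faulted, so the payload likely did not run in this sandbox")
    return findings


if __name__ == "__main__":
    for line in triage(EVENTS, MEM_WRITES):
        print(line)
```

The crash finding is the one that changes how the score should be read: when the process that loaded the sample is the WerFault target, the recorded behaviour stops at the fault, and a low score says nothing about what the DLL would do on a host where the export does not crash.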
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3868-130-0x0000000000000000-mapping.dmp