Analysis
max time kernel: 91s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 20-05-2022 06:25
Static task
static1
Behavioral task
behavioral1
Sample
AWC.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
AWC.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral3
Sample
Injector.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral4
Sample
Injector.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
AWC.dll
-
Size
2.8MB
-
MD5
e44955de07b7852360962ab04b9cf256
-
SHA1
c9d97f414c9ce0db34a84d6b84b331397de853ff
-
SHA256
287b654b6c588d3d2595307f0e5f48897742c798f1ce232f40e774e8f2242181
-
SHA512
ebdfb07ed7bdaf38fe21448ed1ca9b8e2fd7bc1de3879842926f45fb582bb2dd4c92454665930baade1d075918978ed36233d13e84898ecb1050c5405ecd4446
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid    pid_target    process         target process
2804   4236          WerFault.exe    rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                         pid    process         target process
PID 4356 wrote to memory of 4236    4356   rundll32.exe    rundll32.exe
PID 4356 wrote to memory of 4236    4356   rundll32.exe    rundll32.exe
PID 4356 wrote to memory of 4236    4356   rundll32.exe    rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AWC.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\AWC.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 556
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4236 -ip 4236
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4236-130-0x0000000000000000-mapping.dmp