Analysis
max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
31-05-2022 08:20
Static task
static1
Behavioral task
behavioral1
Sample
272-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
272-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target
272-54-0x0000000180000000-0x0000000180009000-memory.dll
Size
36KB
MD5
a59ee1996405d398d8c87f815db9a2a9
SHA1
d25987430825f23440880d8b35484a1c796f3357
SHA256
93c5a155997f5b5972bd74c5b072ce5008ec5872163634d121f92854112b1fb1
SHA512
705ba2ab09b34544b2d47ba1bb5a557adf65e65d3519dc8531ae37092a2a03c54ad974a3e6363ec858211b467bfd562b3b1e6789e67698a5e73ebd5069447e8e
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid    pid_target  process       target process
1168   912         WerFault.exe  rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                      pid  process       target process
PID 912 wrote to memory of 1168  912  rundll32.exe  WerFault.exe
PID 912 wrote to memory of 1168  912  rundll32.exe  WerFault.exe
PID 912 wrote to memory of 1168  912  rundll32.exe  WerFault.exe
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\272-54-0x0000000180000000-0x0000000180009000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\system32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 912 -s 562⤵
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
memory/1168-54-0x0000000000000000-mapping.dmp