Analysis
- max time kernel: 12s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 31-05-2022 07:47
Static task: static1
Behavioral task: behavioral1
- Sample: 1980-54-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: 1980-54-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures, 0 seconds
General
- Target: 1980-54-0x0000000180000000-0x0000000180009000-memory.dll
- Size: 36KB
- MD5: c718e0ad9d1147eb4ed60ae4eaadf996
- SHA1: 51402df41754714339b6f1434ab664ee94278284
- SHA256: 299146e2c828679ea8ca6746ec2bc6e575884598759fcfe94cad78b52bc20b6e
- SHA512: b79f19890b1e8a64bc266e715bef799b591727c92b410cff67ef7a76aec0b9e0ecc73aeabf2b39c68302e3cb6542e6dfa21abab713b971bdea360eeee1b0904e
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  1600 | 988 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 988 wrote to memory of 1600 | 988 | rundll32.exe | WerFault.exe
  PID 988 wrote to memory of 1600 | 988 | rundll32.exe | WerFault.exe
  PID 988 wrote to memory of 1600 | 988 | rundll32.exe | WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1980-54-0x0000000180000000-0x0000000180009000-memory.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 988 -s 562
  - Program crash
Network
MITRE ATT&CK Matrix
Downloads
- memory/1600-54-0x0000000000000000-mapping.dmp