Analysis
-
max time kernel
43s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
04-06-2022 07:51
General
-
Target
113880f0ac34edce7cdc19fc151d4d974c4c0b39991ff2bc4cd6f62648d48e37.dll
-
Size
242KB
-
MD5
4aeeb8d5f73f841fcf29d1f0e7565453
-
SHA1
d093748ddd86667566c9ecfa9717e35af97c3a8b
-
SHA256
113880f0ac34edce7cdc19fc151d4d974c4c0b39991ff2bc4cd6f62648d48e37
-
SHA512
af1aa8d345225153da32b99ca2ea1a4a76f5fd4a6e1b88bc5e739bbc6d63743cb2749d70091cbd0fa81660bc07c0c01c4fe1af8de7518bad677cb51d815690dd
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
encoder/fnstenv_mov
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Blocklisted process makes network request 3 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\113880f0ac34edce7cdc19fc151d4d974c4c0b39991ff2bc4cd6f62648d48e37.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\113880f0ac34edce7cdc19fc151d4d974c4c0b39991ff2bc4cd6f62648d48e37.dll,#12⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 13763⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/112-54-0x0000000000000000-mapping.dmp
-
memory/112-55-0x0000000075451000-0x0000000075453000-memory.dmpFilesize
8KB
-
memory/112-56-0x0000000010000000-0x0000000010091000-memory.dmpFilesize
580KB
-
memory/112-57-0x0000000000250000-0x0000000000274000-memory.dmpFilesize
144KB
-
memory/112-59-0x0000000010000000-0x0000000010091000-memory.dmpFilesize
580KB
-
memory/112-60-0x0000000000250000-0x0000000000274000-memory.dmpFilesize
144KB
-
memory/568-58-0x0000000000000000-mapping.dmp