Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 14-06-2022 12:52
Static task: static1

Behavioral task: behavioral1
- Sample: 1008-54-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 1008-54-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: 1008-54-0x0000000180000000-0x0000000180009000-memory.dll
- Size: 36KB
- MD5: f99f3e8223f1882b5cc2736992b27a74
- SHA1: f3f50bcf76b0e80206f4bdd323bc6380184f9ee7
- SHA256: cbd602b0369f3026ac13ab6902ad682bc7480c0d1e5ac9da1e032dbec0a8b77c
- SHA512: f8c731a16623fa2ef1e03771781c7f729a8d8024ca9e500129e3219f3fa39a7d25899c0c7b8204926b19845ecb85cbfa6b75a6e91e6a81b8c8bc345e68308386

Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  - pid: 1640, pid_target: 1016, process: WerFault.exe, target process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  - description: PID 1016 wrote to memory of 1640, pid: 1016, process: rundll32.exe, target process: WerFault.exe
  - description: PID 1016 wrote to memory of 1640, pid: 1016, process: rundll32.exe, target process: WerFault.exe
  - description: PID 1016 wrote to memory of 1640, pid: 1016, process: rundll32.exe, target process: WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1008-54-0x0000000180000000-0x0000000180009000-memory.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1016 -s 562⤵
  - Program crash
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1640-54-0x0000000000000000-mapping.dmp