Analysis
- max time kernel: 44s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 16-06-2022 07:24
Behavioral task: behavioral1
Sample: 26c434ac54b9c21dfd6a43878089bcaf96615f65470042c911416aff1c4e9e8d.dll
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
General
- Target: 26c434ac54b9c21dfd6a43878089bcaf96615f65470042c911416aff1c4e9e8d.dll
- Size: 627KB
- MD5: b1dcafe393e89ec13270932ad8f868e7
- SHA1: 0c42f80d31d767007290ca51b866dc90622cd309
- SHA256: 26c434ac54b9c21dfd6a43878089bcaf96615f65470042c911416aff1c4e9e8d
- SHA512: 465a4a690fdb7087d1801fb81101e4f69811a7f7068f191e3df0b0375931e907ad9475ceabbf46a0ea41749b695ba21f6202aa31bcaa40d41c4f0cd9462ab076
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid   pid_target  process       target process
  1596  800         WerFault.exe  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                      pid  process       target process
  PID 800 wrote to memory of 1596  800  rundll32.exe  WerFault.exe
  PID 800 wrote to memory of 1596  800  rundll32.exe  WerFault.exe
  PID 800 wrote to memory of 1596  800  rundll32.exe  WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\26c434ac54b9c21dfd6a43878089bcaf96615f65470042c911416aff1c4e9e8d.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 800 -s 2282⤵
  - Program crash
Network
MITRE ATT&CK Matrix
Downloads
- memory/1596-54-0x0000000000000000-mapping.dmp