Analysis
- max time kernel: 143s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20-06-2022 04:10
Behavioral task: behavioral1
- Sample: 330230b667873603377f0802abf01af99a778330b30b6190174a13c1aa1808f5.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: 330230b667873603377f0802abf01af99a778330b30b6190174a13c1aa1808f5.dll
- Resource: win10v2004-20220414-en
- Platform: windows10-2004_x64
- 0 signatures, 0 seconds
General
- Target: 330230b667873603377f0802abf01af99a778330b30b6190174a13c1aa1808f5.dll
- Size: 1.4MB
- MD5: ab7dbbf3b7146aea68cb674376eb61c8
- SHA1: 072c3aa96981ab83bd400151b3bcd219e8ea777a
- SHA256: 330230b667873603377f0802abf01af99a778330b30b6190174a13c1aa1808f5
- SHA512: 9801d142820f33aede76d6250f17da133e4a31d7f57defd41c92c32cfc09804cb13d7e4e6759c63a319855d57a293a13c7680ef24bed14a095854828f5e12259
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes (pid / process -> target pid / target process):
    1468 WerFault.exe -> 5020 rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (pid / process -> target pid / target process):
    4308 rundll32.exe wrote to memory of 5020 rundll32.exe (the same event is reported three times)
Processes
- C:\Windows\system32\rundll32.exe (PID 4308)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\330230b667873603377f0802abf01af99a778330b30b6190174a13c1aa1808f5.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 5020)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\330230b667873603377f0802abf01af99a778330b30b6190174a13c1aa1808f5.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 780
      Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5020 -ip 5020

Reading the tree together with the signature tables: the 64-bit rundll32 (PID 4308) invoked the DLL by ordinal (,#1) and re-launched it under the 32-bit SysWOW64 rundll32 (PID 5020), which is where the three WriteProcessMemory events come from. PID 5020 then crashed, and WerFault was started against it (-p 5020) to collect the dump listed under Downloads. The report records no other signatures, which is consistent with the 3/10 score; it says nothing about what the DLL would have done had it not crashed.
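The chain above (64-bit rundll32 writing into a SysWOW64 rundll32 it spawned for the same DLL, followed by WerFault targeting that child) is a pattern worth recognising automatically when triaging many such reports. The following is an added example, not code from the sandbox or from this report: it replays the report's own process list and WriteProcessMemory events as constructed Python records (the record layout and the PID of the second WerFault, which the report does not give, are assumptions) and flags the re-launch and the crash.

```python
"""Triage a sandbox process tree for the rundll32 -> SysWOW64 rundll32 -> WerFault chain.

Added example; the event layout below is an assumption, not the sandbox's export format.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]  # None for a root of the tree
    image: str
    cmdline: str


# Constructed from this report's Processes and Signatures sections (same PIDs,
# images and command lines). The root-level "WerFault.exe -pss ..." process has
# no PID in the report, so it is left out rather than invented.
DLL = (r"C:\Users\Admin\AppData\Local\Temp"
       r"\330230b667873603377f0802abf01af99a778330b30b6190174a13c1aa1808f5.dll")
PROCS: List[Proc] = [
    Proc(4308, None, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1"),
    Proc(5020, 4308, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1"),
    Proc(1468, 5020, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 780"),
]
# WriteProcessMemory events as (source pid, target pid); reported three times.
WRITES: List[Tuple[int, int]] = [(4308, 5020)] * 3

RUNDLL_RE = re.compile(r"rundll32\.exe\s+(?P<dll>.+?\.dll)(?:,(?P<entry>\S+))?", re.I)
WER_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)")  # WerFault's "-p <crashed pid>"


def rundll32_target(p: Proc) -> Optional[Tuple[str, Optional[str]]]:
    """(dll_path, entry) from a rundll32 command line, or None if it is not one."""
    m = RUNDLL_RE.search(p.cmdline)
    return (m.group("dll"), m.group("entry")) if m else None


def is_wow64(image: str) -> bool:
    return "\\syswow64\\" in image.lower()


def under_user_temp(path: str) -> bool:
    return "\\appdata\\local\\temp\\" in path.lower()


def wow64_relaunches(procs: List[Proc]) -> List[Tuple[int, int]]:
    """Pairs (parent, child) where a native rundll32 re-ran the same DLL under SysWOW64."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for child in procs:
        parent = by_pid.get(child.ppid) if child.ppid is not None else None
        if parent is None:
            continue
        both_rundll = all(x.image.lower().endswith("rundll32.exe") for x in (parent, child))
        if not both_rundll or is_wow64(parent.image) or not is_wow64(child.image):
            continue
        target = rundll32_target(child)
        if target and rundll32_target(parent) == target:
            hits.append((parent.pid, child.pid))
    return hits


def crashed_processes(procs: List[Proc]) -> Dict[int, Proc]:
    """Crashed pid -> its Proc, derived from WerFault '-p <pid>' command lines."""
    by_pid = {p.pid: p for p in procs}
    out: Dict[int, Proc] = {}
    for p in procs:
        if not p.image.lower().endswith("werfault.exe"):
            continue
        m = WER_PID_RE.search(p.cmdline)
        if m and int(m.group(1)) in by_pid:
            out[int(m.group(1))] = by_pid[int(m.group(1))]
    return out


def triage(procs: List[Proc], writes: List[Tuple[int, int]]) -> List[str]:
    """Human-readable findings; the WriteProcessMemory count is tied to the relaunch pair."""
    findings = []
    per_pair = Counter(writes)
    for parent, child in wow64_relaunches(procs):
        n = per_pair.get((parent, child), 0)
        findings.append(f"rundll32 {parent} re-launched DLL under SysWOW64 rundll32 {child} "
                        f"({n} WriteProcessMemory events)")
    for pid, proc in crashed_processes(procs).items():
        t = rundll32_target(proc)
        if t:
            where = "user Temp" if under_user_temp(t[0]) else "non-Temp path"
            findings.append(f"rundll32 {pid} crashed while loading {t[0]} entry {t[1]} ({where})")
    return findings


if __name__ == "__main__":
    for line in triage(PROCS, WRITES):
        print(line)
```

The relaunch check is deliberately narrow: both images must be rundll32, the parent native and the child SysWOW64, and both must name the same DLL, so an unrelated rundll32 that injects into another rundll32 is not mistaken for the benign WoW64 handoff. The crash check keys on WerFault's -p argument rather than on process ancestry, so it also catches the service-launched WerFault at the root of the tree when its PID is available.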
Network
MITRE ATT&CK Matrix
Downloads
-
memory/5020-130-0x0000000000000000-mapping.dmp