ed5506c453718a8a50a65b63b0480dd6861db122d0601af632009156cea19b5b | Triage

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220414-en
submitted
21/06/2022, 16:28

Sharing

Report Analysis Logs

General

Target

s3negar/s3negar.dll
Size

1.6MB
MD5

83f07110df33b070ebe99613a1acda4c
SHA1

c97c747f3cb228ba3b00c0359fea2236070cb910
SHA256

7173bf751a2bf8fb237a7cde943ddedd4e89a2b15b571899c84fbaa87c233e8f
SHA512

0ff98beb21c391a54417b688cc38cdf38374af8ca3b27034a478c307f9f83699cc28babd326965349ee81d722aa341e63dca2157da341f8bceb7b29b69fd6224

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1044	1672	WerFault.exe	18

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1044	1672	rundll32.exe	27
PID 1672 wrote to memory of 1044	1672	rundll32.exe	27
PID 1672 wrote to memory of 1044	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\s3negar\s3negar.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1672 -s 84
  2⤵
  - Program crash
  PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads