Analysis

Max time kernel: 70s
Max time network: 85s
Platform: windows10-2004_x64
Resource: win10v2004-20220414-es
Submitted: 23-06-2022 23:06
Static task: static1

Behavioral task: behavioral1
Sample: 65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll
Resource: win10-20220414-es (windows10_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll
Resource: win10v2004-20220414-es (windows10-2004_x64)
0 signatures, 0 seconds
General

Target: 65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll
Size: 20.0MB
MD5: bf5aee7ba0ac7286f4879ca34ca63903
SHA1: 9bc40c49a3dbc41f618d11f4b113f234c1713dc4
SHA256: 65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe
SHA512: 887125ea071749f717f5d39828b5ac200ee8f80aaedfe6b58167c0bfa68ec8e921c0cbbe63de8ad49eab8ff28c5c09d7b06aecf6e51df63f1195c257ddc4cd49
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
Processes:
pid    pid_target   process        target process
4484   1196         WerFault.exe   rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                          pid    process        target process
PID 4548 wrote to memory of 1196     4548   rundll32.exe   rundll32.exe
PID 4548 wrote to memory of 1196     4548   rundll32.exe   rundll32.exe
PID 4548 wrote to memory of 1196     4548   rundll32.exe   rundll32.exe

All three writes are from the system32 (64-bit) rundll32.exe (PID 4548) into the SysWOW64 (32-bit) rundll32.exe (PID 1196) that it spawned, which is the expected hand-off when the 64-bit rundll32 is given a 32-bit DLL; the child then faulted and WerFault.exe (PID 4484) was launched against PID 1196. A parent writing into a child it has just created is part of process setup, so this signature only indicates injection when the target is an unrelated or already-running process. The crash with no further activity is consistent with the 3/10 score.
Processes

1. C:\Windows\system32\rundll32.exe (PID 4548)
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 1196)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll,#1
      3. C:\Windows\SysWOW64\WerFault.exe (PID 4484)
         C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 584
         - Program crash
1. C:\Windows\SysWOW64\WerFault.exe
   C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1196 -ip 1196
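The following is an added example, not code from the report or from the sandbox, showing how the two signatures above are evaluated from raw process events: it rebuilds the process tree, separates a parent's writes into a child it has just created from writes into an unrelated process, and attributes each WerFault.exe instance to the faulting PID from its `-p` argument. The PIDs 4548, 1196 and 4484, the images and the command lines are taken from the report; the event schema, the millisecond timestamps, the creation window, and the PID 9999 of the second WerFault.exe instance (not given in the report) are assumptions made for the example.

```python
"""Rebuild a sandbox process tree and evaluate WriteProcessMemory / Program
crash signatures over constructed events. Added example, not sandbox code."""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll")

# Constructed event log modelled on the report. Timestamps (ms), the schema and
# pid 9999 for the second WerFault instance are assumptions.
EVENTS = [
    {"ts": 0, "type": "process_create", "pid": 4548, "ppid": None,
     "image": r"C:\Windows\system32\rundll32.exe", "cmdline": f"rundll32.exe {SAMPLE},#1"},
    {"ts": 5, "type": "process_create", "pid": 1196, "ppid": 4548,
     "image": r"C:\Windows\SysWOW64\rundll32.exe", "cmdline": f"rundll32.exe {SAMPLE},#1"},
    {"ts": 6, "type": "memory_write", "pid": 4548, "target": 1196},
    {"ts": 6, "type": "memory_write", "pid": 4548, "target": 1196},
    {"ts": 7, "type": "memory_write", "pid": 4548, "target": 1196},
    {"ts": 130, "type": "process_create", "pid": 4484, "ppid": 1196,
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 584"},
    {"ts": 140, "type": "process_create", "pid": 9999, "ppid": None,  # pid assumed
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1196 -ip 1196"},
]

CREATION_WINDOW_MS = 50  # assumed: writes this soon after creation are process setup


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    created: int
    children: list = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1]


def build_tree(events):
    """Index process_create events by pid and link each child to its parent."""
    procs = {e["pid"]: Proc(e["pid"], e["ppid"], e["image"], e["cmdline"], e["ts"])
             for e in events if e["type"] == "process_create"}
    for p in procs.values():
        if p.ppid in procs:
            procs[p.ppid].children.append(p)
    return procs


def render_tree(procs, pid=None, depth=0):
    """Return indented lines; roots are processes whose parent is not in the log."""
    roots = [procs[pid]] if pid is not None else [p for p in procs.values() if p.ppid not in procs]
    lines = []
    for p in roots:
        lines.append("  " * depth + f"{p.name} (pid {p.pid}): {p.cmdline}")
        for c in p.children:
            lines.extend(render_tree(procs, c.pid, depth + 1))
    return lines


def classify_memory_writes(events, procs):
    """Tag each WriteProcessMemory event. A parent writing into a child it just
    created is process setup; any other cross-process write is the injection pattern."""
    hits = []
    for e in events:
        if e["type"] != "memory_write":
            continue
        writer, target = procs.get(e["pid"]), procs.get(e["target"])
        setup = (writer is not None and target is not None and target.ppid == writer.pid
                 and 0 <= e["ts"] - target.created <= CREATION_WINDOW_MS)
        hits.append((e["pid"], e["target"], "child-setup" if setup else "cross-process-write"))
    return hits


WERFAULT_PID = re.compile(r"(?:^|\s)-p\s+(\d+)")


def program_crashes(procs):
    """Map crashed pid -> (image name, [WerFault pids]) using WerFault's -p argument,
    so the crash is attributed to the faulting process rather than to WerFault."""
    crashes = {}
    for p in procs.values():
        if p.name.lower() != "werfault.exe":
            continue
        m = WERFAULT_PID.search(p.cmdline)
        if m:
            crashes.setdefault(int(m.group(1)), []).append(p.pid)
    return {pid: (procs[pid].name if pid in procs else "?", wers) for pid, wers in crashes.items()}


def summarize(events=EVENTS):
    procs = build_tree(events)
    return {"tree": render_tree(procs),
            "memory_writes": classify_memory_writes(events, procs),
            "crashes": program_crashes(procs)}


if __name__ == "__main__":
    s = summarize()
    print("\n".join(s["tree"]))
    for w in s["memory_writes"]:
        print("WriteProcessMemory", w)
    for pid, (name, wers) in s["crashes"].items():
        print(f"crash in {name} pid {pid}, reported by WerFault pids {wers}")
```

On the report's data every write is classified as child-setup and the single crash is attributed to PID 1196 (the SysWOW64 rundll32.exe), which is why the page's "Suspicious use of WriteProcessMemory" hits do not raise the score. Feeding the same function a write from 4548 into a process it did not create (for example the WerFault instance 4484) yields cross-process-write, the case that actually warrants attention.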
Network
MITRE ATT&CK Matrix
Downloads

memory/1196-130-0x0000000000000000-mapping.dmp