Analysis
- max time kernel: 91s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 25-06-2022 05:23
Behavioral task: behavioral1
- Sample: bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7.dll
- Resource: win7-20220414-en, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7.dll
- Resource: win10v2004-20220414-en, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7.dll
- Size: 216KB
- MD5: 7be79bcee33e5409fdd006241886de6e
- SHA1: 9ff95fbb889af1594b234a126e0b7f432241f4f2
- SHA256: bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7
- SHA512: f855a29768599469835b1a9d27d500ea40869f3683b37e22f79788e3ef15b19d3b348f2938cea64d6eb6145abe4e45c03d7a9a37121fdc101ac349b2d0aa0f50
Score
3/10
Malware Config
Signatures
- Program crash 1 IoCs
  Processes: WerFault.exe
  - pid: 2084, pid_target: 488, process: WerFault.exe, target process: rundll32.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  Processes: rundll32.exe
  - description: PID 4144 wrote to memory of 488, pid: 4144, process: rundll32.exe, target process: rundll32.exe
  - description: PID 4144 wrote to memory of 488, pid: 4144, process: rundll32.exe, target process: rundll32.exe
  - description: PID 4144 wrote to memory of 488, pid: 4144, process: rundll32.exe, target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 540
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 488 -ip 488
Network
MITRE ATT&CK Matrix
Downloads
- memory/488-130-0x0000000000000000-mapping.dmp