Analysis
Max time kernel: 78s
Max time network: 108s
Platform: windows10-2004_x64
Resource: win10v2004-20220414-en
Submitted: 25-06-2022 08:37
Static task: static1
Behavioral task: behavioral1
Sample: 95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: 95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures, 0 seconds
General
Target: 95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll
Size: 204KB
MD5: 8af8b5f1495851b8c52fa4735ac98c26
SHA1: 190d879ad5562f71f8e813f22265a98c68f10cd7
SHA256: 95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08
SHA512: 6f1cd68047499e98c9fc92e025a6b93ac6c6568e15635c60bafedb9af2fff9cb3e9938caff37fbfdb176fa4479954d855d693708747224f6fb33bff12ee940b4
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes (pid, pid_target, process, target process):
4452, 2128, WerFault.exe, rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (description, pid, process, target process):
PID 4100 wrote to memory of 2128, 4100, rundll32.exe, rundll32.exe
PID 4100 wrote to memory of 2128, 4100, rundll32.exe, rundll32.exe
PID 4100 wrote to memory of 2128, 4100, rundll32.exe, rundll32.exe
Processes (process tree; each nested entry is a child of the entry above it)
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll,#1
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll,#1
      3. C:\Windows\SysWOW64\WerFault.exe
         Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 632
         Signatures: Program crash
1. C:\Windows\SysWOW64\WerFault.exe
   Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2128 -ip 2128
Network
MITRE ATT&CK Matrix
Downloads
memory/2128-130-0x0000000000000000-mapping.dmp