Analysis
-
max time kernel
146s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
25-06-2022 08:37
General
-
Target
9127932759bc8b4e77f175e0a867e6152160db9a2d82a69731649c47c673db2a.dll
-
Size
204KB
-
MD5
c5104a7e0714a93cae4ebc4e110b8a08
-
SHA1
040a162be261dcc68ece1a6b70ab89648d666d61
-
SHA256
9127932759bc8b4e77f175e0a867e6152160db9a2d82a69731649c47c673db2a
-
SHA512
f36925443456bae8195ee92a97ca81e99cc4a6e1336910b9fcc9165d1b17fa30efba645d15f0d21867773a876317e36ab157ecb0bfbc07d66d3660a7e799f7b3
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\9127932759bc8b4e77f175e0a867e6152160db9a2d82a69731649c47c673db2a.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\9127932759bc8b4e77f175e0a867e6152160db9a2d82a69731649c47c673db2a.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 6323⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 6323⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1888 -ip 18881⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1888-130-0x0000000000000000-mapping.dmp
-
memory/2640-131-0x0000000000000000-mapping.dmp