Analysis
  max time kernel: 143s
  max time network: 151s
  platform: windows10-2004_x64
  resource: win10v2004-20220414-en
  submitted: 25-06-2022 08:44
Static task: static1

Behavioral task: behavioral1
  Sample: 48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll
  Resource: win7-20220414-en
  Platform: windows7_x64
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: 48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll
  Resource: win10v2004-20220414-en
  Platform: windows10-2004_x64
  0 signatures, 0 seconds
General
  Target: 48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll
  Size: 204KB
  MD5: be475a8c93f33d7d32eaa933d0e53720
  SHA1: e23a4446de5d56afe5234218827e07faf28746bb
  SHA256: 48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8
  SHA512: dcec75fbc8d4c42c26c6a562f0573d24dedc247bda228072cdf65b2d421adfeb08a0584d3866495f7785ad8930996037a2c44903d7021436ebb80ff9f4016951
  Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    3468  3428        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                         pid   process       target process
    PID 2684 wrote to memory of 3428    2684  rundll32.exe  rundll32.exe
    PID 2684 wrote to memory of 3428    2684  rundll32.exe  rundll32.exe
    PID 2684 wrote to memory of 3428    2684  rundll32.exe  rundll32.exe
Processes (tree; indentation shows parent/child depth)
  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll,#1
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll,#1
      C:\Windows\SysWOW64\WerFault.exe
        command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 632
        - Program crash
  C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3428 -ip 3428
Network
MITRE ATT&CK Matrix
Downloads
  memory/3428-130-0x0000000000000000-mapping.dmp