Analysis
- max time kernel: 135s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 26-06-2022 23:01
Static task: static1

Behavioral task: behavioral1
- Sample: 35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db.dll
- Resource: win10v2004-20220414-en
- Platform: windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db.dll
- Size: 204KB
- MD5: 4a79e1626ce14d7ae5f5b7965c872103
- SHA1: 350cfa0b6f502672cb5e15ce10e17bc17632e749
- SHA256: 35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db
- SHA512: d64477e547e7a522894997bcfff2b205b40da4d2740a166f07b3a1e6fcfc6dcfaab8569221e4b271ad23d6756e461363e55cb11fab4cb510cbae6e92a1ad06aa
- Score: 3/10
Malware Config

Signatures
- Program crash (1 IoC)
  Processes:
  | pid  | pid_target | process      | target process |
  | 2664 | 2224       | WerFault.exe | rundll32.exe   |
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  | description                      | pid  | process      | target process |
  | PID 3376 wrote to memory of 2224 | 3376 | rundll32.exe | rundll32.exe   |
  | PID 3376 wrote to memory of 2224 | 3376 | rundll32.exe | rundll32.exe   |
  | PID 3376 wrote to memory of 2224 | 3376 | rundll32.exe | rundll32.exe   |
Processes
- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 632
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2224 -ip 2224
Network
MITRE ATT&CK Matrix
Downloads
- memory/2224-130-0x0000000000000000-mapping.dmp