Analysis
max time kernel: 159s
max time network: 171s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 26-06-2022 01:58
Static task: static1

Behavioral task: behavioral1
  Sample: 369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll
  Resource: win7-20220414-en
  Platform: windows7_x64
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: 369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll
  Resource: win10v2004-20220414-en
  Platform: windows10-2004_x64
  0 signatures, 0 seconds
General
Target: 369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll
Size: 204KB
MD5: 84941c1f1af56d701ca737fc9e5c4ac6
SHA1: aecb69223c68240bebca497c8d8b6edd32123695
SHA256: 369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8
SHA512: 85a180670f18dba30b701438233ab7a962e5454e332fa16b3d422a9a82f9e77233de268cee37575ef20a7bba8482fa97cb8843cf9e60ffad247b6a54eb31e8a3
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes:
  process       pid   target pid   target process
  WerFault.exe  3984  4152         rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target pid   target process
  PID 4256 wrote to memory of 4152   4256  rundll32.exe  4152         rundll32.exe
  PID 4256 wrote to memory of 4152   4256  rundll32.exe  4152         rundll32.exe
  PID 4256 wrote to memory of 4152   4256  rundll32.exe  4152         rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 632
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4152 -ip 4152
Network
MITRE ATT&CK Matrix
Downloads
memory/4152-130-0x0000000000000000-mapping.dmp