Analysis
  max time kernel: 126s
  max time network: 152s
  platform: windows10-2004_x64
  resource: win10v2004-20220414-en
  submitted: 01-07-2022 06:28
Static task: static1

Behavioral task: behavioral1
  Sample: a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721.dll
  Resource: win7-20220414-en
  Platform: windows7_x64
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721.dll
  Resource: win10v2004-20220414-en
  Platform: windows10-2004_x64
  0 signatures, 0 seconds
General
  Target: a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721.dll
  Size: 206KB
  MD5: 13a650cd7f2b3430e2d26a489acc897f
  SHA1: 951899592d832f31d891e31a88acf9a19cbae9aa
  SHA256: a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721
  SHA512: 9e8bfe2adc9f233f63361dfd456bd445b012b1fee3ec9bd372f6e98633d7c219895ca278483d0bd74b797a2a57798f0485ea5da9f28bf900831db322fe1bcac4
  Score: 3/10
Malware Config
Signatures

  Program crash (1 IoCs)
  Processes:
    pid   pid_target  process       target process
    4732  5016        WerFault.exe  rundll32.exe

  Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                       pid   process       target process
    PID 1988 wrote to memory of 5016  1988  rundll32.exe  rundll32.exe
    PID 1988 wrote to memory of 5016  1988  rundll32.exe  rundll32.exe
    PID 1988 wrote to memory of 5016  1988  rundll32.exe  rundll32.exe
Processes (process tree; indentation shows parent/child depth)

  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721.dll,#1
    signature: Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721.dll,#1

      C:\Windows\SysWOW64\WerFault.exe
        command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 688
        signature: Program crash

  C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5016 -ip 5016
Network
MITRE ATT&CK Matrix
Downloads
  memory/5016-130-0x0000000000000000-mapping.dmp