Analysis
- max time kernel: 151s
- max time network: 164s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 01-07-2022 14:17
Static task: static1

Behavioral task: behavioral1
- Sample: add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll
- Resource: win10v2004-20220414-en
- Platform: windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll
- Size: 204KB
- MD5: e8c7ab1b9803790b955c6c7c8ea7ec65
- SHA1: 0505f6dd1d54929e735bbe76d2c99694a8d481a6
- SHA256: add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced
- SHA512: 6f61fcad9bd9e71f9e62b4632c93fce4bcac8fe3077677b7a0d614307403874aaf9bc6a005343b091d54aaf4840c34b1dd6d852b2e5d70a64531f7cad6657232
- Score: 3/10
Malware Config

Signatures
- Program crash (1 IoC)
  Processes:
  pid  | pid_target | process      | target process
  3680 | 1424       | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                      | pid  | process      | target process
  PID 1780 wrote to memory of 1424 | 1780 | rundll32.exe | rundll32.exe
  PID 1780 wrote to memory of 1424 | 1780 | rundll32.exe | rundll32.exe
  PID 1780 wrote to memory of 1424 | 1780 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 636
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1424 -ip 1424
Network
MITRE ATT&CK Matrix
Downloads
- memory/1424-130-0x0000000000000000-mapping.dmp