Analysis
- max time kernel: 91s
- max time network: 129s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 01-07-2022 14:24
Static task: static1
Behavioral task: behavioral1
- Sample: 3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll
- Resource: win7-20220414-en, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll
- Resource: win10v2004-20220414-en, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll
- Size: 206KB
- MD5: 47e80349b40b21f381458fa84c82cb83
- SHA1: d401ad0be19247cef815444621c6c5db5ecea216
- SHA256: 3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805
- SHA512: 3b01fe5353ef94ff7961589d31de9fe5b38dc38bb289464dc54fbde56966f7b59d26af4340930dea8cdd438f793e4340422f3acfadf9bf586a4d2af60b8715ce
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  3520 | 60 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 4220 wrote to memory of 60 | 4220 | rundll32.exe | rundll32.exe
  PID 4220 wrote to memory of 60 | 4220 | rundll32.exe | rundll32.exe
  PID 4220 wrote to memory of 60 | 4220 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 680
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 60 -ip 60
Network
MITRE ATT&CK Matrix
Downloads
- memory/60-130-0x0000000000000000-mapping.dmp