Analysis
- max time kernel: 20s
- max time network: 26s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 07-07-2022 22:17

Static task: static1

Behavioral task: behavioral1
- Sample: b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da.dll
- Resource: win10v2004-20220414-en
- Platform: windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da.dll
- Size: 206KB
- MD5: 43a245f94f479a1b5d6e6f3fa4c71e1a
- SHA1: 5e0118c611d2907e0232e0549c33845a8251e9df
- SHA256: b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da
- SHA512: 2b36e42a72e3f5ce6b32a6bfa6d6d908eeb963ad12b2f5154ad95c9b6d4f35d98af64d9380730bed2672b0d260d4808a62412bdd139d7f8a18cb1db9458d9868
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
  pid   pid_target   process        target process
  5016  4748         WerFault.exe   rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                          pid    process        target process
  PID 4780 wrote to memory of 4748     4780   rundll32.exe   rundll32.exe
  PID 4780 wrote to memory of 4748     4780   rundll32.exe   rundll32.exe
  PID 4780 wrote to memory of 4748     4780   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 632
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4748 -ip 4748
Network
MITRE ATT&CK Matrix
Downloads
- memory/4748-130-0x0000000000000000-mapping.dmp