Analysis
- max time kernel: 42s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 07-07-2022 17:42
Behavioral task: behavioral1
- Sample: 748-54-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 748-54-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: 748-54-0x0000000180000000-0x0000000180009000-memory.dll
- Size: 36KB
- MD5: 05dd11df0172f9ebbb2c0adc979db071
- SHA1: ab4b1e7e797e164c4a3be9d3c260a0240fac549d
- SHA256: 766f8304aa55b1fdc64ea68e37a16c09f7e0d689cc4364e36b4720d4d94d5d57
- SHA512: ff77e3813995cb90dad565c5a84d0bd0fb26d92b205d82596157e3c56bd50c067098d5f341f4c70ba2705880dc3a62714fa1025c11d4837b352fa2f1eb9fc0ee
Score: 3/10
Malware Config
Signatures
- Program crash 1 IoCs
  Processes: WerFault.exe
  pid: 1748, pid_target: 968, process: WerFault.exe, target process: rundll32.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  Processes: rundll32.exe
  description: PID 968 wrote to memory of 1748, pid: 968, process: rundll32.exe, target process: WerFault.exe
  description: PID 968 wrote to memory of 1748, pid: 968, process: rundll32.exe, target process: WerFault.exe
  description: PID 968 wrote to memory of 1748, pid: 968, process: rundll32.exe, target process: WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\748-54-0x0000000180000000-0x0000000180009000-memory.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 968 -s 562
  - Program crash
Network
MITRE ATT&CK Matrix
Downloads
- memory/1748-54-0x0000000000000000-mapping.dmp