Analysis
max time kernel: 38s
max time network: 42s
platform: windows7_x64
resource: win7-20220414-en
submitted: 11-07-2022 23:39
Static task: static1

Behavioral task: behavioral1
Sample: 1412-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource: win7-20220414-en
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 1412-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 1412-54-0x0000000180000000-0x0000000180009000-memory.dll
Size: 36KB
MD5: e9e8149e94e2d331ec7083cc6d2eb113
SHA1: ecdea3c97e2a9641aec56972b6fc8c7825862706
SHA256: 7589c57c31eaa244255f1c8884d727822dc3e39b96cdf25df8b319d3c2dea4d0
SHA512: 5fbf6debc5274449c72cac859aed32a8c5258f1d7c9886c4c3a3c787018637a2acb4b04886c069ada9236b078c52d79593a92a3afdea7a01e60a96ef16d9d731
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process         target process
1664   756           WerFault.exe    rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process         target process
PID 756 wrote to memory of 1664    756    rundll32.exe    WerFault.exe
PID 756 wrote to memory of 1664    756    rundll32.exe    WerFault.exe
PID 756 wrote to memory of 1664    756    rundll32.exe    WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1412-54-0x0000000180000000-0x0000000180009000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 756 -s 562
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
memory/1664-54-0x0000000000000000-mapping.dmp