Analysis
max time kernel: 47s
max time network: 51s
platform: windows7_x64
resource: win7-20220414-en
submitted: 11-07-2022 15:49
Static task
static1
Behavioral task
behavioral1
Sample
1732-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1732-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 1732-54-0x0000000180000000-0x0000000180009000-memory.dll
Size: 36KB
MD5: 6004da0fa1a143c540cd4f38c0d2a2f7
SHA1: 107775643ebb8246280542745b5c8d0301f4e7c4
SHA256: 48070f3101d14552073df2ae2c8093d2ecfe8ef1048e326fe0ef94d8d6190294
SHA512: 597dbaaf727ed698c73121310d6deeba4b1a3968d593a5d9c7a2d9b1d82b5fe9fa7ecb15bf5f7023d56997bd744de35945de99c14e557c2397e8a1ddf0742c02
Score: 3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes: WerFault.exe
pid    pid_target    process         target process
868    1836          WerFault.exe    rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description                        pid     process         target process
PID 1836 wrote to memory of 868    1836    rundll32.exe    WerFault.exe
PID 1836 wrote to memory of 868    1836    rundll32.exe    WerFault.exe
PID 1836 wrote to memory of 868    1836    rundll32.exe    WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1732-54-0x0000000180000000-0x0000000180009000-memory.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1836 -s 562⤵
  - Program crash
Network
MITRE ATT&CK Matrix
Downloads
-
memory/868-54-0x0000000000000000-mapping.dmp