Analysis
max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220718-en
resource tags
arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
submitted
12-08-2022 08:35
Behavioral task
behavioral1
Sample
288-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220718-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
288-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220721-en
1 signatures
150 seconds
General
Target
288-54-0x0000000180000000-0x0000000180009000-memory.dll
Size
36KB
MD5
578812220c9b47cad81682df0cfd7541
SHA1
9cc70649799fc3185182d8a1035b933dfd619e8c
SHA256
8c91922ef5d9c2405aa4b9a09c0c7aca885fd26b40335297084c9909c8ceb1a0
SHA512
aeacff5dce1345395fa7da7558d321ab54a25475d41019c75bcf11f4a70e53b3e096d9e1aa7a98a1f24fb77accfe85d59f57de0c84cdb5d18f360bcb460f0d9c
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
- pid: 2032, pid_target: 1912, process: WerFault.exe, target process: rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
- description: PID 1912 wrote to memory of 2032, pid: 1912, process: rundll32.exe, target process: WerFault.exe
- description: PID 1912 wrote to memory of 2032, pid: 1912, process: rundll32.exe, target process: WerFault.exe
- description: PID 1912 wrote to memory of 2032, pid: 1912, process: rundll32.exe, target process: WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\288-54-0x0000000180000000-0x0000000180009000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1912 -s 562
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
memory/2032-54-0x0000000000000000-mapping.dmp