Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
06-09-2022 00:06
General
-
Target
CrashInfo.SA.dll
-
Size
449KB
-
MD5
2ff14ecd0de8dd893dac16c72b6488a1
-
SHA1
24ab165560f92784701ef56d643923c98e8b1156
-
SHA256
98d6277dafd1915795527fc23cfeebd58fae87f4c269761defcaea766156992e
-
SHA512
4ebf323ee7ad8ffabe794ea00239cea8ebcdb697cd73cd87b6f840c42cbf5a437beeb7820d07ec17677ab6f6613f6bd317bd29fa527729c31e0e3425e6654427
-
SSDEEP
12288:hwuyGdPHY7vsijRsI5yO8pzBlonudLZ2RMGhBlaCJ:htHOvsijRsI5YtZ2qMl
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\CrashInfo.SA.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\CrashInfo.SA.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 6043⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 8323⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4308 -ip 43081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4308 -ip 43081⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4308-132-0x0000000000000000-mapping.dmp