Analysis
max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
06-09-2022 15:02
Behavioral task
behavioral1
Sample
1448-55-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1448-55-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
1448-55-0x0000000180000000-0x0000000180009000-memory.dll
Size
36KB
MD5
76e5b9ccfa5c85ebcee814f8aca03cdc
SHA1
723442e9756899143752327888cb2a6302b405ab
SHA256
577a9b35d81b80aa3f4b925a1e09cb07b1d3de08df6139acfd92fc31127fa26e
SHA512
624a5a354c7fdd6c3392a224037db29c4bafb2893ba439875b153ae01021a14dfa419d0fe0fe325a9a6c7c326d555f39d4c4ee75f72182371576c96971d8301d
SSDEEP
192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwlKXBAQYfPq/3KbG:h1Mf0gJSix2AA56RCiZVcGQYnq/6bG
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 548; pid_target: 864; process: WerFault.exe; target process: rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description: PID 864 wrote to memory of 548; pid: 864; process: rundll32.exe; target process: WerFault.exe
description: PID 864 wrote to memory of 548; pid: 864; process: rundll32.exe; target process: WerFault.exe
description: PID 864 wrote to memory of 548; pid: 864; process: rundll32.exe; target process: WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1448-55-0x0000000180000000-0x0000000180009000-memory.dll,#1
- Suspicious use of WriteProcessMemory
PID:864
  C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 864 -s 56
  - Program crash
  PID:548
Network
MITRE ATT&CK Matrix
Downloads
memory/548-54-0x0000000000000000-mapping.dmp