428b46215b5c992fd7aa4d3e6edabce901928bad7231050eda6b1a64344e5854 | Triage

Analysis

max time kernel
903s
max time network
905s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-09-2022 00:35

Sharing

Report Analysis Logs

General

Target

nWysXc.dll
Size

3.6MB
MD5

3ad465cc538b57026aa28b1157885621
SHA1

1715b6a42f9cd1ed6ac0789d3255d9cb5b83bb74
SHA256

8fbe7927d62938479125474d0e634c5e50d88a47beb6e802d5ca8ef52cd3c021
SHA512

22425364d813bfcb58ac87cec9f575265fb2b26046dab664bcda649a598e0cd05b9e84d7fe32ae7471d3f3882eb0f931de7bdd318debd2c7f54fe332a824edbf
SSDEEP

24576:2BeR8J1ZadeRT8E/xRm8P2IHzYQEitobudhkIJvHadqG6p02Pd0p7OMlh72Mm3Dl:4i8JradeRQG

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1932	2012	WerFault.exe	20

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1932	2012	rundll32.exe	28
PID 2012 wrote to memory of 1932	2012	rundll32.exe	28
PID 2012 wrote to memory of 1932	2012	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\nWysXc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2012 -s 84
  2⤵
  - Program crash
  PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads