Analysis
max time kernel: 44s
max time network: 48s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 27-09-2022 20:45
Behavioral task
behavioral1
Sample
1184-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220901-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1184-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
1184-54-0x0000000180000000-0x0000000180009000-memory.dll
-
Size
36KB
-
MD5
5b051d9c7b0b7ba2b45017edb6130dfc
-
SHA1
64ca9a4f54d367aa0a69840fe557d59f170ca6c2
-
SHA256
d915d359598f55342d3b0675bb1174044ca8a3d0403fb2dd147a40614d74be14
-
SHA512
884490fc842122d5af4c33468a42617131a83a30d6a2633f89a8ad9c4959e501e098464c061823fc690e7c825fda0f73f64f7f41cf94180f3a92408793762dc1
-
SSDEEP
192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgw7gXBAQYfPq/3Kb:h1Mf0gJSix2AA56RCiZVoGQYnq/6b
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1160 | 1712 | WerFault.exe | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1712 wrote to memory of 1160 | 1712 | rundll32.exe | WerFault.exe
PID 1712 wrote to memory of 1160 | 1712 | rundll32.exe | WerFault.exe
PID 1712 wrote to memory of 1160 | 1712 | rundll32.exe | WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1184-54-0x0000000180000000-0x0000000180009000-memory.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1712 -s 562
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1160-54-0x0000000000000000-mapping.dmp