f30913b7167f3bc29b56576969e3c189b17e4f3eaf3cbf616889d374bba64191

Analysis

max time kernel
22s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f30913b7167f3bc29b56576969e3c189b17e4f3eaf3cbf616889d374bba64191.dll
Size

101KB
MD5

718f37c96b4b1d4a886e194aebfc3320
SHA1

a915de1092153c1816f443267abaf96fed65c1d5
SHA256

f30913b7167f3bc29b56576969e3c189b17e4f3eaf3cbf616889d374bba64191
SHA512

a4d5c0986987cf1a5c7e010abb706d6d5650c844cb6d7c9b37bb42849a4c9bc369afbf53ec224c6505091526e380fe675102b84c0fed33439ecaa5356e0d66a9
SSDEEP

1536:dIfbmS1y1JAJZA0NOC0RSJq/rmx4RCwC4C2pIjhxAFC2Kj+66CZhtA:yfiaYUP0UJqCxaC4COnz0u

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1708	rundll32mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1364	rundll32.exe
1364	rundll32.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1248	1364	WerFault.exe	28
1272	1708	WerFault.exe	29

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1364	2012	rundll32.exe	28
PID 2012 wrote to memory of 1364	2012	rundll32.exe	28
PID 2012 wrote to memory of 1364	2012	rundll32.exe	28
PID 2012 wrote to memory of 1364	2012	rundll32.exe	28
PID 2012 wrote to memory of 1364	2012	rundll32.exe	28
PID 2012 wrote to memory of 1364	2012	rundll32.exe	28
PID 2012 wrote to memory of 1364	2012	rundll32.exe	28
PID 1364 wrote to memory of 1708	1364	rundll32.exe	29
PID 1364 wrote to memory of 1708	1364	rundll32.exe	29
PID 1364 wrote to memory of 1708	1364	rundll32.exe	29
PID 1364 wrote to memory of 1708	1364	rundll32.exe	29
PID 1364 wrote to memory of 1248	1364	rundll32.exe	30
PID 1364 wrote to memory of 1248	1364	rundll32.exe	30
PID 1364 wrote to memory of 1248	1364	rundll32.exe	30
PID 1364 wrote to memory of 1248	1364	rundll32.exe	30
PID 1708 wrote to memory of 1272	1708	rundll32mgr.exe	31
PID 1708 wrote to memory of 1272	1708	rundll32mgr.exe	31
PID 1708 wrote to memory of 1272	1708	rundll32mgr.exe	31
PID 1708 wrote to memory of 1272	1708	rundll32mgr.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f30913b7167f3bc29b56576969e3c189b17e4f3eaf3cbf616889d374bba64191.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f30913b7167f3bc29b56576969e3c189b17e4f3eaf3cbf616889d374bba64191.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1364
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1708
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 92
      4⤵
      Loads dropped DLL
      Program crash
      PID:1272
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 228
    3⤵
    - Program crash
    PID:1248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
88KB

MD5
a61ea5f2325332c52bff5bce3d161336

SHA1
3a883b8241f5f2efaa76367240db800d78a0209c

SHA256
e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

SHA512
fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
88KB

MD5
a61ea5f2325332c52bff5bce3d161336

SHA1
3a883b8241f5f2efaa76367240db800d78a0209c

SHA256
e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

SHA512
fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
88KB

MD5
a61ea5f2325332c52bff5bce3d161336

SHA1
3a883b8241f5f2efaa76367240db800d78a0209c

SHA256
e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

SHA512
fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
88KB

MD5
a61ea5f2325332c52bff5bce3d161336

SHA1
3a883b8241f5f2efaa76367240db800d78a0209c

SHA256
e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

SHA512
fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
88KB

MD5
a61ea5f2325332c52bff5bce3d161336

SHA1
3a883b8241f5f2efaa76367240db800d78a0209c

SHA256
e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

SHA512
fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
88KB

MD5
a61ea5f2325332c52bff5bce3d161336

SHA1
3a883b8241f5f2efaa76367240db800d78a0209c

SHA256
e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

SHA512
fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
88KB

MD5
a61ea5f2325332c52bff5bce3d161336

SHA1
3a883b8241f5f2efaa76367240db800d78a0209c

SHA256
e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

SHA512
fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
88KB

MD5
a61ea5f2325332c52bff5bce3d161336

SHA1
3a883b8241f5f2efaa76367240db800d78a0209c

SHA256
e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

SHA512
fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
88KB

MD5
a61ea5f2325332c52bff5bce3d161336

SHA1
3a883b8241f5f2efaa76367240db800d78a0209c

SHA256
e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

SHA512
fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
88KB

MD5
a61ea5f2325332c52bff5bce3d161336

SHA1
3a883b8241f5f2efaa76367240db800d78a0209c

SHA256
e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

SHA512
fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

Download Submit
memory/1364-55-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/1364-69-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/1364-70-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1708-71-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads