cc02a703f95dde0d235d94469fd85b480028c9d5f014eb28aeac7ce47b0c0fbb

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc02a703f95dde0d235d94469fd85b480028c9d5f014eb28aeac7ce47b0c0fbb.dll
Size

548KB
MD5

6536bff2fd11523eab30b64cf0a018b0
SHA1

b0c6eaa9a3f93c8c2492ce78477c684ddfe3c19f
SHA256

cc02a703f95dde0d235d94469fd85b480028c9d5f014eb28aeac7ce47b0c0fbb
SHA512

a64f215578a737b270670d8cd59e0ee9da055780ca250a03420e577ab7ea4fac1e5b12a68faabc68de15e55f000c6967cf7d2656f1fad20da8219fd5105dfd6e
SSDEEP

12288:32GzLyjXoP4V1BL97BNOr964BECO1LtJMV0T:5+jXmQ97epPOaV0T

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1656	rundll32mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1472	rundll32.exe
1472	rundll32.exe
1856	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1716	1472	WerFault.exe	28
1856	1656	WerFault.exe	29

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 1472	1112	rundll32.exe	28
PID 1112 wrote to memory of 1472	1112	rundll32.exe	28
PID 1112 wrote to memory of 1472	1112	rundll32.exe	28
PID 1112 wrote to memory of 1472	1112	rundll32.exe	28
PID 1112 wrote to memory of 1472	1112	rundll32.exe	28
PID 1112 wrote to memory of 1472	1112	rundll32.exe	28
PID 1112 wrote to memory of 1472	1112	rundll32.exe	28
PID 1472 wrote to memory of 1656	1472	rundll32.exe	29
PID 1472 wrote to memory of 1656	1472	rundll32.exe	29
PID 1472 wrote to memory of 1656	1472	rundll32.exe	29
PID 1472 wrote to memory of 1656	1472	rundll32.exe	29
PID 1472 wrote to memory of 1716	1472	rundll32.exe	30
PID 1472 wrote to memory of 1716	1472	rundll32.exe	30
PID 1472 wrote to memory of 1716	1472	rundll32.exe	30
PID 1472 wrote to memory of 1716	1472	rundll32.exe	30
PID 1656 wrote to memory of 1856	1656	rundll32mgr.exe	31
PID 1656 wrote to memory of 1856	1656	rundll32mgr.exe	31
PID 1656 wrote to memory of 1856	1656	rundll32mgr.exe	31
PID 1656 wrote to memory of 1856	1656	rundll32mgr.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc02a703f95dde0d235d94469fd85b480028c9d5f014eb28aeac7ce47b0c0fbb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc02a703f95dde0d235d94469fd85b480028c9d5f014eb28aeac7ce47b0c0fbb.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1472
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 156
      4⤵
      Loads dropped DLL
      Program crash
      PID:1856
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 228
    3⤵
    - Program crash
    PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
memory/1472-55-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download
memory/1472-70-0x00000000604D0000-0x000000006055C000-memory.dmp

Filesize
560KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads