23a034bb3017209bcf68c3661aa95e9a3633692367e71174590f4c9c316062fd

Analysis

max time kernel
148s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23a034bb3017209bcf68c3661aa95e9a3633692367e71174590f4c9c316062fd.dll
Size

688KB
MD5

71e4313b4ce3765bc0ecc00c55c56090
SHA1

70ea0da4f5a9a3c6972c0c780e30ce567c38f46e
SHA256

23a034bb3017209bcf68c3661aa95e9a3633692367e71174590f4c9c316062fd
SHA512

4b86075960be8ab5d8c982fe1da86ea643e9f39b6025b794d64680c3f6470301b644ba21b09917f86e0019d16e3a32bcac324a079ad7eb59512101b96d049bc3
SSDEEP

12288:W0ywjWtUO+Oke04VGUl6vhOiue+bhPrRx4vSZqB7Y0lnMyC2+ErT4MQ:tCwsdPJyC29M

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
976	rundll32mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1652	rundll32.exe
1652	rundll32.exe
1388	WerFault.exe
1388	WerFault.exe
1388	WerFault.exe
1388	WerFault.exe
1388	WerFault.exe
1388	WerFault.exe
1388	WerFault.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1504	1652	WerFault.exe	27
1388	976	WerFault.exe	28

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1652 wrote to memory of 976	1652	rundll32.exe	28
PID 1652 wrote to memory of 976	1652	rundll32.exe	28
PID 1652 wrote to memory of 976	1652	rundll32.exe	28
PID 1652 wrote to memory of 976	1652	rundll32.exe	28
PID 1652 wrote to memory of 1504	1652	rundll32.exe	29
PID 1652 wrote to memory of 1504	1652	rundll32.exe	29
PID 1652 wrote to memory of 1504	1652	rundll32.exe	29
PID 1652 wrote to memory of 1504	1652	rundll32.exe	29
PID 976 wrote to memory of 1388	976	rundll32mgr.exe	30
PID 976 wrote to memory of 1388	976	rundll32mgr.exe	30
PID 976 wrote to memory of 1388	976	rundll32mgr.exe	30
PID 976 wrote to memory of 1388	976	rundll32mgr.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23a034bb3017209bcf68c3661aa95e9a3633692367e71174590f4c9c316062fd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\23a034bb3017209bcf68c3661aa95e9a3633692367e71174590f4c9c316062fd.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:976
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 156
      4⤵
      Loads dropped DLL
      Program crash
      PID:1388
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
    3⤵
    - Program crash
    PID:1504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
memory/976-59-0x0000000000000000-mapping.dmp

Download
memory/1388-63-0x0000000000000000-mapping.dmp

Download
memory/1504-62-0x0000000000000000-mapping.dmp

Download
memory/1652-54-0x0000000000000000-mapping.dmp

Download
memory/1652-57-0x0000000010000000-0x00000000100AD000-memory.dmp

Filesize
692KB

Download
memory/1652-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/1652-71-0x0000000010000000-0x00000000100AD000-memory.dmp

Filesize
692KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads