21b4fe28d6f5e7dc6b44bd9a10feff76c18af82b0711844d9736246b3a2bd576

Analysis

max time kernel
126s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21b4fe28d6f5e7dc6b44bd9a10feff76c18af82b0711844d9736246b3a2bd576.dll
Size

821KB
MD5

080c9a65be9f9a118ee83fa9aa38068c
SHA1

23191c17443ede9996e55c4c4839cc8e0c8cfc31
SHA256

21b4fe28d6f5e7dc6b44bd9a10feff76c18af82b0711844d9736246b3a2bd576
SHA512

5bb330ee93256dae521b26cc93fdd0eb190563441c6e7f8caf954610e8bda47cecc66c3743f76ba10460dc94a3fceff8bbd1b751e4b4b127af2b80927f63406c
SSDEEP

24576:3zb1MlCKUQyUmjtczu6Prs9pgWoopooK9kwP4GZVooz:3zbKsUmjtcdPGgIwP5YA

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4912	rundll32mgr.exe

Loads dropped DLL 1 IoCs

pid	Process
4912	rundll32mgr.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3700	4912	WerFault.exe	82

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 5012	4984	rundll32.exe	81
PID 4984 wrote to memory of 5012	4984	rundll32.exe	81
PID 4984 wrote to memory of 5012	4984	rundll32.exe	81
PID 5012 wrote to memory of 4912	5012	rundll32.exe	82
PID 5012 wrote to memory of 4912	5012	rundll32.exe	82
PID 5012 wrote to memory of 4912	5012	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21b4fe28d6f5e7dc6b44bd9a10feff76c18af82b0711844d9736246b3a2bd576.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21b4fe28d6f5e7dc6b44bd9a10feff76c18af82b0711844d9736246b3a2bd576.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4912
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 372
      4⤵
      Program crash
      PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4912 -ip 4912
1⤵
PID:1220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~TM517B.tmp

Filesize
1.6MB

MD5
4f3387277ccbd6d1f21ac5c07fe4ca68

SHA1
e16506f662dc92023bf82def1d621497c8ab5890

SHA256
767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

SHA512
9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

Download Submit
C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
162KB

MD5
33cd65ebd943a41a3b65fa1ccfce067c

SHA1
715d78b89cadbbd517fec3a48f415e1dc00f92bb

SHA256
43c91f0a793c2776757ecec287a2d50cbf331d27f08aa559ffc160a417d3d1ae

SHA512
ea7c5b04eb5dd99ff38f7699cceef49680c094beab01751a92541e56293f7ecc3381aeca9a8863f95b75b548c0d02cf5127eaaf4cc1f784974981fade9ebeaf2

Download Submit
C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
162KB

MD5
33cd65ebd943a41a3b65fa1ccfce067c

SHA1
715d78b89cadbbd517fec3a48f415e1dc00f92bb

SHA256
43c91f0a793c2776757ecec287a2d50cbf331d27f08aa559ffc160a417d3d1ae

SHA512
ea7c5b04eb5dd99ff38f7699cceef49680c094beab01751a92541e56293f7ecc3381aeca9a8863f95b75b548c0d02cf5127eaaf4cc1f784974981fade9ebeaf2

Download Submit
memory/4912-137-0x0000000000000000-mapping.dmp

Download
memory/4912-140-0x0000000000400000-0x0000000000489124-memory.dmp

Filesize
548KB

Download
memory/4912-142-0x0000000000400000-0x0000000000489124-memory.dmp

Filesize
548KB

Download
memory/4912-143-0x0000000077700000-0x00000000778A3000-memory.dmp

Filesize
1.6MB

Download
memory/5012-135-0x0000000000000000-mapping.dmp

Download
memory/5012-136-0x0000000005000000-0x00000000050D3000-memory.dmp

Filesize
844KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads