Analysis
max time kernel: 152s
max time network: 178s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-10-2022 08:00
Behavioral task: behavioral1
  Sample: 864-54-0x0000000180000000-0x0000000180009000-memory.dll
  Resource: win7-20220812-en
  Platform: windows7-x64
  2 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: 864-54-0x0000000180000000-0x0000000180009000-memory.dll
  Resource: win10v2004-20220812-en
  Platform: windows10-2004-x64
  2 signatures
  150 seconds
General
Target: 864-54-0x0000000180000000-0x0000000180009000-memory.dll
Size: 36KB
MD5: 31aed8815db91eee801317d68cb58cfc
SHA1: b7f583c9ac78ef03df791f2230f12e6f8db4a519
SHA256: 646f6b497c5054bcb9a9e2241cabfe304dc4004796a0d21fe6250352bb5598d7
SHA512: 374444cd89d135fb30bba140194ac2b584bcebe3e706c356102d5831305995686375fdf4a671d829ee1fbfb6f8a9228ecb71114b80e28abfe4498eaabe8e5b30
SSDEEP: 192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwbwwXBAQYfPq/3KbyM:h1Mf0gJSix2AA56RCiZVFwCGQYnq/6b
Score: 3/10
Malware Config
Signatures
Program crash (2 IoCs)
Processes:
  pid   pid_target  process       target process
  4692  1264        WerFault.exe  rundll32.exe
  4028  1264        WerFault.exe  rundll32.exe
Suspicious use of WriteProcessMemory (2 IoCs)
Processes:
  description                       pid   process       target process
  PID 1264 wrote to memory of 4692  1264  rundll32.exe  WerFault.exe
  PID 1264 wrote to memory of 4692  1264  rundll32.exe  WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\864-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
    C:\Windows\system32\WerFault.exe
      command line: C:\Windows\system32\WerFault.exe -u -p 1264 -s 240
      - Program crash
    C:\Windows\system32\WerFault.exe
      command line: C:\Windows\system32\WerFault.exe -u -p 1264 -s 240
      - Program crash
C:\Windows\system32\WerFault.exe
  command line: C:\Windows\system32\WerFault.exe -pss -s 408 -p 1264 -ip 1264
Network
MITRE ATT&CK Matrix
Downloads
memory/4692-132-0x0000000000000000-mapping.dmp