Analysis
- max time kernel: 45s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 04-10-2022 15:48
Behavioral task
behavioral1
Sample
964-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220901-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
964-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
1 signatures
150 seconds
General
- Target: 964-54-0x0000000180000000-0x0000000180009000-memory.dll
- Size: 36KB
- MD5: 063218fc08e3123a3f2217db820b170d
- SHA1: aa11032a2ed8d20b9364c6a3b869307ec1aa026d
- SHA256: 3df18c9fd9731cb2b9f862d2bd4745c5371265971a7740d1593f776dfe72d798
- SHA512: 4598796ae2e3a5eda16a1fda3624c37490f1e401b9fba878da3fc57fb512ef2f801202560b984c9373f6358c954f9874a1d1e7fdfc79eb16ea1b1c14a7082657
- SSDEEP: 192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwdhuXBAQYfPq/3Kb4:h1Mf0gJSix2AA56RCiZV2GQYnq/6b
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid   pid_target   process        target process
  820   1284         WerFault.exe   rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                       pid    process        target process
  PID 1284 wrote to memory of 820   1284   rundll32.exe   WerFault.exe
  PID 1284 wrote to memory of 820   1284   rundll32.exe   WerFault.exe
  PID 1284 wrote to memory of 820   1284   rundll32.exe   WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\964-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1284 -s 56
    - Program crash
Network
MITRE ATT&CK Matrix
Downloads
- memory/820-54-0x0000000000000000-mapping.dmp