Analysis
-
max time kernel
41s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
04-10-2022 18:53
Behavioral task
behavioral1
Sample
368-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
368-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
368-54-0x0000000180000000-0x0000000180009000-memory.dll
-
Size
36KB
-
MD5
84181a1191556f48a7dcdd53642658da
-
SHA1
4f3df460195d1adf0b69e8471c940b9e3f0b7c65
-
SHA256
fa49ae1962f00972098684f4a2cc602cfabffbac507410d594c604903e3f420a
-
SHA512
df0ec6d9834cc11255c8183731c6bc5d6a399d0957135ffc1c252591309840c3466066e181b6bd384afda69aedb098d4604224e8084a14e1ba9f4f055008a39c
-
SSDEEP
192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwz0XBAQYfPq/3Kb4:h1Mf0gJSix2AA56RCiZVcGQYnq/6b
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 1836, pid_target: 1760, process: WerFault.exe, target process: rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description: PID 1760 wrote to memory of 1836, pid: 1760, process: rundll32.exe, target process: WerFault.exe
description: PID 1760 wrote to memory of 1836, pid: 1760, process: rundll32.exe, target process: WerFault.exe
description: PID 1760 wrote to memory of 1836, pid: 1760, process: rundll32.exe, target process: WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\368-54-0x0000000180000000-0x0000000180009000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1760 -s 562⤵
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1836-54-0x0000000000000000-mapping.dmp