Analysis
max time kernel: 38s
max time network: 41s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 10-10-2022 13:51
Behavioral task: behavioral1
Sample: 3700-178-0x0000000180000000-0x0000000180009000-memory.dll
Resource: win7-20220812-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 3700-178-0x0000000180000000-0x0000000180009000-memory.dll
Resource: win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 3700-178-0x0000000180000000-0x0000000180009000-memory.dll
Size: 36KB
MD5: f3a26bba93a7bc38b371cd1a40bea277
SHA1: f23277b0b85903470d3b7852274086d34205fa3c
SHA256: 5c73fd0836fe5cdfda77d855f6d21b013222ad4c18d84dca1650bac556039898
SHA512: 11154fbb5c174e51d83c3d585839c115b82405f356a5089bcf9f8bd166e2b125f3724ee71b6d04247987ffd6e3a2862ba8afcb94255325dd0a60528b09242b79
SSDEEP: 192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwBwXBAQYfPq/3Kb:h1Mf0gJSix2AA56RCiZVCGQYnq/6b
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process        target process
1720   1712          WerFault.exe   rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 1712 wrote to memory of 1720   1712   rundll32.exe   WerFault.exe
PID 1712 wrote to memory of 1720   1712   rundll32.exe   WerFault.exe
PID 1712 wrote to memory of 1720   1712   rundll32.exe   WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3700-178-0x0000000180000000-0x0000000180009000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1712 -s 562
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
memory/1720-54-0x0000000000000000-mapping.dmp