Analysis
-
max time kernel
47s -
max time network
52s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system -
submitted
13-10-2022 00:51
Static task
static1
Behavioral task
behavioral1
Sample
dd204ab6-b2ca-4f8c-8f6b-b70093a2ec80.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
dd204ab6-b2ca-4f8c-8f6b-b70093a2ec80.dll
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
file-ea1bb905-6718-4e55-8cb2-4f2cfbf2cd23.lnk
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
file-ea1bb905-6718-4e55-8cb2-4f2cfbf2cd23.lnk
Resource
win10v2004-20220812-en
General
-
Target
dd204ab6-b2ca-4f8c-8f6b-b70093a2ec80.dll
-
Size
2.0MB
-
MD5
442f4e07da9878d04b1ec48c1db92648
-
SHA1
4cbba55450697ea6f9459623f4801cef0d7259ac
-
SHA256
8d58bea19cc529526e670de83d3e3009d5e69447ca41d9c3d45013a3b683da83
-
SHA512
857d8df09b37d57771f080490451f03832e1a42dc83fe7aa18fbda643c58e48371c11807e5a8a943060b3934b72d8ecb15b283b604a856f997ebfbe155ea442e
-
SSDEEP
49152:hESQEiUQsu5LJvbqdpwKaeiSk6+OJyR8:PQ6SvvbqViSk67J88
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target  process       target process
1256  1140        WerFault.exe  rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                       pid   process       target process
PID 1140 wrote to memory of 1256  1140  rundll32.exe  WerFault.exe
PID 1140 wrote to memory of 1256  1140  rundll32.exe  WerFault.exe
PID 1140 wrote to memory of 1256  1140  rundll32.exe  WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1256-54-0x0000000000000000-mapping.dmp