dd4a9ffdb99017d252a920a699278fe2bcbc1750d06d07527d08d273247e3bb8

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 23:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dd4a9ffdb99017d252a920a699278fe2bcbc1750d06d07527d08d273247e3bb8.dll
Size

180KB
MD5

a16c58cd44787ac65e20a41363220cd3
SHA1

2d0ee095b9b06aa319c24fc84de5229c49e0885d
SHA256

dd4a9ffdb99017d252a920a699278fe2bcbc1750d06d07527d08d273247e3bb8
SHA512

1a24bd70a8db63cea77af053c3c9fa17a4d6af05e6bb049a26af1a84bd1a13719da0b121453af3af5f70673caef3cda28bc6a8e86ff9a90e0d729ff8e06007e3
SSDEEP

3072:5gKKuiX63bw5dNjDh8pWVgTlFIYnHYCqD5ucgQ6e4k2DQ:SKZp3KNjVGvHBqDOHkl

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1356	rundll32mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1300	rundll32.exe
1300	rundll32.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe
520	WerFault.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
520	1356	WerFault.exe	28

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1300 wrote to memory of 1356	1300	rundll32.exe	28
PID 1300 wrote to memory of 1356	1300	rundll32.exe	28
PID 1300 wrote to memory of 1356	1300	rundll32.exe	28
PID 1300 wrote to memory of 1356	1300	rundll32.exe	28
PID 1356 wrote to memory of 520	1356	rundll32mgr.exe	29
PID 1356 wrote to memory of 520	1356	rundll32mgr.exe	29
PID 1356 wrote to memory of 520	1356	rundll32mgr.exe	29
PID 1356 wrote to memory of 520	1356	rundll32mgr.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd4a9ffdb99017d252a920a699278fe2bcbc1750d06d07527d08d273247e3bb8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd4a9ffdb99017d252a920a699278fe2bcbc1750d06d07527d08d273247e3bb8.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1300
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1356
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 100
      4⤵
      Loads dropped DLL
      Program crash
      PID:520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
64KB

MD5
b19012a31bbf1e385e786b89985a615a

SHA1
fb3e3ed289c78d058a79ac5a1ed2d4d238bfd3fd

SHA256
0ef8052766b4a9beb35373e5fdcd3df7ce1b549bf33996345182d0c56a24df2e

SHA512
50cda5f1bdea3499b48cdc22d760d81f18debd13387bf99de9d58ceba6e79ad8f05c0d8aeeffc9b2a65f66df040ed3229404ddea36f315b87bd659eddc688dc6

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
64KB

MD5
b19012a31bbf1e385e786b89985a615a

SHA1
fb3e3ed289c78d058a79ac5a1ed2d4d238bfd3fd

SHA256
0ef8052766b4a9beb35373e5fdcd3df7ce1b549bf33996345182d0c56a24df2e

SHA512
50cda5f1bdea3499b48cdc22d760d81f18debd13387bf99de9d58ceba6e79ad8f05c0d8aeeffc9b2a65f66df040ed3229404ddea36f315b87bd659eddc688dc6

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
64KB

MD5
b19012a31bbf1e385e786b89985a615a

SHA1
fb3e3ed289c78d058a79ac5a1ed2d4d238bfd3fd

SHA256
0ef8052766b4a9beb35373e5fdcd3df7ce1b549bf33996345182d0c56a24df2e

SHA512
50cda5f1bdea3499b48cdc22d760d81f18debd13387bf99de9d58ceba6e79ad8f05c0d8aeeffc9b2a65f66df040ed3229404ddea36f315b87bd659eddc688dc6

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
64KB

MD5
b19012a31bbf1e385e786b89985a615a

SHA1
fb3e3ed289c78d058a79ac5a1ed2d4d238bfd3fd

SHA256
0ef8052766b4a9beb35373e5fdcd3df7ce1b549bf33996345182d0c56a24df2e

SHA512
50cda5f1bdea3499b48cdc22d760d81f18debd13387bf99de9d58ceba6e79ad8f05c0d8aeeffc9b2a65f66df040ed3229404ddea36f315b87bd659eddc688dc6

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
64KB

MD5
b19012a31bbf1e385e786b89985a615a

SHA1
fb3e3ed289c78d058a79ac5a1ed2d4d238bfd3fd

SHA256
0ef8052766b4a9beb35373e5fdcd3df7ce1b549bf33996345182d0c56a24df2e

SHA512
50cda5f1bdea3499b48cdc22d760d81f18debd13387bf99de9d58ceba6e79ad8f05c0d8aeeffc9b2a65f66df040ed3229404ddea36f315b87bd659eddc688dc6

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
64KB

MD5
b19012a31bbf1e385e786b89985a615a

SHA1
fb3e3ed289c78d058a79ac5a1ed2d4d238bfd3fd

SHA256
0ef8052766b4a9beb35373e5fdcd3df7ce1b549bf33996345182d0c56a24df2e

SHA512
50cda5f1bdea3499b48cdc22d760d81f18debd13387bf99de9d58ceba6e79ad8f05c0d8aeeffc9b2a65f66df040ed3229404ddea36f315b87bd659eddc688dc6

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
64KB

MD5
b19012a31bbf1e385e786b89985a615a

SHA1
fb3e3ed289c78d058a79ac5a1ed2d4d238bfd3fd

SHA256
0ef8052766b4a9beb35373e5fdcd3df7ce1b549bf33996345182d0c56a24df2e

SHA512
50cda5f1bdea3499b48cdc22d760d81f18debd13387bf99de9d58ceba6e79ad8f05c0d8aeeffc9b2a65f66df040ed3229404ddea36f315b87bd659eddc688dc6

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
64KB

MD5
b19012a31bbf1e385e786b89985a615a

SHA1
fb3e3ed289c78d058a79ac5a1ed2d4d238bfd3fd

SHA256
0ef8052766b4a9beb35373e5fdcd3df7ce1b549bf33996345182d0c56a24df2e

SHA512
50cda5f1bdea3499b48cdc22d760d81f18debd13387bf99de9d58ceba6e79ad8f05c0d8aeeffc9b2a65f66df040ed3229404ddea36f315b87bd659eddc688dc6

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
64KB

MD5
b19012a31bbf1e385e786b89985a615a

SHA1
fb3e3ed289c78d058a79ac5a1ed2d4d238bfd3fd

SHA256
0ef8052766b4a9beb35373e5fdcd3df7ce1b549bf33996345182d0c56a24df2e

SHA512
50cda5f1bdea3499b48cdc22d760d81f18debd13387bf99de9d58ceba6e79ad8f05c0d8aeeffc9b2a65f66df040ed3229404ddea36f315b87bd659eddc688dc6

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
64KB

MD5
b19012a31bbf1e385e786b89985a615a

SHA1
fb3e3ed289c78d058a79ac5a1ed2d4d238bfd3fd

SHA256
0ef8052766b4a9beb35373e5fdcd3df7ce1b549bf33996345182d0c56a24df2e

SHA512
50cda5f1bdea3499b48cdc22d760d81f18debd13387bf99de9d58ceba6e79ad8f05c0d8aeeffc9b2a65f66df040ed3229404ddea36f315b87bd659eddc688dc6

Download Submit
memory/1300-55-0x00000000765B1000-0x00000000765B3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads