f8def8b24b0be3bbcaa206f280b56721146c5ab08561a8cdffb29c30a30c1773

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8def8b24b0be3bbcaa206f280b56721146c5ab08561a8cdffb29c30a30c1773.dll
Size

204KB
MD5

a16e83a2617be2ff5e86b6b2de237312
SHA1

7c7e5ebffa3be85ac226bacb5fbe9cd96426c0cd
SHA256

f8def8b24b0be3bbcaa206f280b56721146c5ab08561a8cdffb29c30a30c1773
SHA512

35f26cd09f31b788839d431ff951c97f33c92532015d5db4cec2a5a5dbbb8374ca957a433802a30265964616104dce2f3b9b0f8716fc9cf9c348e615561f2c92
SSDEEP

3072:tZmu9K33WSwdJ/tILtAPrL+oxdvKjD4NCgKZrYBcYznTbKXa:t8b33QqUrSJDZrY+YTTbKXa

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
840	rundll32mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1344	rundll32.exe
1344	rundll32.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1464	840	WerFault.exe	28

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1344 wrote to memory of 840	1344	rundll32.exe	28
PID 1344 wrote to memory of 840	1344	rundll32.exe	28
PID 1344 wrote to memory of 840	1344	rundll32.exe	28
PID 1344 wrote to memory of 840	1344	rundll32.exe	28
PID 840 wrote to memory of 1464	840	rundll32mgr.exe	29
PID 840 wrote to memory of 1464	840	rundll32mgr.exe	29
PID 840 wrote to memory of 1464	840	rundll32mgr.exe	29
PID 840 wrote to memory of 1464	840	rundll32mgr.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8def8b24b0be3bbcaa206f280b56721146c5ab08561a8cdffb29c30a30c1773.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8def8b24b0be3bbcaa206f280b56721146c5ab08561a8cdffb29c30a30c1773.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1344
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:840
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 156
      4⤵
      Loads dropped DLL
      Program crash
      PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
memory/1344-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads