Analysis Overview
SHA256
40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901
Threat Level: Likely benign
The file 40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901 was found to be: Likely benign.
Malicious Activity Summary
Program crash
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-10-31 22:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-10-31 22:51
Reported
2022-10-31 22:53
Platform
win7-20220812-en
Max time kernel
43s
Max time network
46s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1800 wrote to memory of 2012 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1800 wrote to memory of 2012 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1800 wrote to memory of 2012 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1800 wrote to memory of 2012 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1800 wrote to memory of 2012 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1800 wrote to memory of 2012 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1800 wrote to memory of 2012 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901.dll,#1
Network
Files
memory/2012-54-0x0000000000000000-mapping.dmp
memory/2012-55-0x00000000758C1000-0x00000000758C3000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-10-31 22:51
Reported
2022-10-31 22:53
Platform
win10v2004-20220901-en
Max time kernel
90s
Max time network
139s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1616 wrote to memory of 4904 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1616 wrote to memory of 4904 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1616 wrote to memory of 4904 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4904 -ip 4904
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 692
Network
| Country | Destination | Domain | Proto |
| BE | 8.238.110.126:80 | tcp | |
| US | 13.89.179.10:443 | tcp | |
| BE | 8.238.110.126:80 | tcp | |
| BE | 8.238.110.126:80 | tcp | |
| BE | 8.238.110.126:80 | tcp |
Files
memory/4904-132-0x0000000000000000-mapping.dmp