Analysis
max time kernel: 42s
max time network: 44s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 14-11-2022 19:09
Behavioral task
behavioral1
Sample
1676-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1676-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 1676-54-0x0000000180000000-0x0000000180009000-memory.dll
Size: 36KB
MD5: 3c6159840d56350a5d451d6d0c7790da
SHA1: d04d9b3fb69b80f1d2be4153cf33925bfccd7fe7
SHA256: fa61df3fb1d242f40ef3e13f1c2e146a49e7d37969e2f6be621c5ccd2bee707e
SHA512: 4ca19935aa188efca3f342d6465a216ed0962fc221258374331dd8925095f81f27f45ecf13bd0b20dca94dd2f85cd8b529794f19c448df887258f64e970f9640
SSDEEP: 192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwKRXBAQYfPq/3KbA:h1Mf0gJSix2AA56RCiZVA1GQYnq/6bA
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
280 | 536 | WerFault.exe | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 536 wrote to memory of 280 | 536 | rundll32.exe | WerFault.exe
PID 536 wrote to memory of 280 | 536 | rundll32.exe | WerFault.exe
PID 536 wrote to memory of 280 | 536 | rundll32.exe | WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1676-54-0x0000000180000000-0x0000000180009000-memory.dll,#11
- Suspicious use of WriteProcessMemory
PID:536
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 536 -s 562
- Program crash
PID:280
Network
MITRE ATT&CK Matrix
Downloads
memory/280-54-0x0000000000000000-mapping.dmp