Analysis
- max time kernel: 27s
- max time network: 30s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 21-11-2022 06:06
Behavioral task: behavioral1
- Sample: 616-54-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win7-20221111-en (windows7-x64)
- 2 signatures, 150 seconds
Behavioral task: behavioral2
- Sample: 616-54-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win10v2004-20220901-en (windows10-2004-x64)
- 1 signature, 150 seconds
General
- Target: 616-54-0x0000000180000000-0x0000000180009000-memory.dll
- Size: 36KB
- MD5: a574b61931f0ccb914e50e724cb8ad2a
- SHA1: 45aed5434ad0ceec1c88fcdc07e94bc2402235f8
- SHA256: 65d304094860532f8e8dbe2b837eec41973edba73d8c2a3a837f6166450e6287
- SHA512: 6fca8623d62926948718baed91cb397aa23fff51fc2320582935c8ddd1d9817ceef1576aad303da03892a454ea84dea0ea5bb712816abdee22a6d8d1aed91eab
- SSDEEP: 192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgwZXBAQYfPq/3Kb:h1Mf0gJSix2AA56RCiZVPGQYnq/6b
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
  pid   pid_target  process       target process
  1280  1336        WerFault.exe  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                            pid   process       target process
  PID 1336 wrote to memory of 1280       1336  rundll32.exe  WerFault.exe
  PID 1336 wrote to memory of 1280       1336  rundll32.exe  WerFault.exe
  PID 1336 wrote to memory of 1280       1336  rundll32.exe  WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe (PID 1336)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\616-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe (PID 1280)
    C:\Windows\system32\WerFault.exe -u -p 1336 -s 56
    - Program crash
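Two checks worth running before reading much into a 3/10 score for a sample named like a memory dump, as an added example written for this page (Python, not the sandbox's own code): first, the address range in the file name should agree with the size the report lists (0x180000000 is the default image base of 64-bit DLLs, so the name describes a DLL image carved from a process at its preferred base); second, the WriteProcessMemory rows should be read together with WerFault's -p argument, because a crashing process writing into the WerFault instance launched to report on it is part of normal crash reporting, not injection. A crash under rundll32 on both platforms is consistent with a dump that was never laid out for loading from disk, so the low score says little about what the original DLL does. The rows and command lines below are copied from this report; the dump-name layout (pid-index-start-end-memory.ext) is an assumption about the sandbox's naming convention.

```python
import re
from dataclasses import dataclass

# Sample name as listed in the report above.
DUMP_NAME = "616-54-0x0000000180000000-0x0000000180009000-memory.dll"

# Rows copied from the report's WriteProcessMemory table and process tree.
# Constructed input for this example, not live telemetry.
WRITE_EVENTS = [
    "PID 1336 wrote to memory of 1280 1336 rundll32.exe WerFault.exe",
    "PID 1336 wrote to memory of 1280 1336 rundll32.exe WerFault.exe",
    "PID 1336 wrote to memory of 1280 1336 rundll32.exe WerFault.exe",
]
CMDLINES = {
    1336: r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\616-54-0x0000000180000000-0x0000000180009000-memory.dll,#1",
    1280: r"C:\Windows\system32\WerFault.exe -u -p 1336 -s 56",
}

# Assumed naming convention: <pid>-<dump index>-<start>-<end>-memory.<ext>
DUMP_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)-memory\.\w+$",
    re.IGNORECASE,
)
WRITE_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)$")
# WerFault is launched with -p <pid of the crashing process>.
WER_PARENT_RE = re.compile(r"WerFault\.exe\b.*?-p\s+(\d+)", re.IGNORECASE)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> DumpRegion:
    """Pull the source PID and address range out of the dump file name."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a memory-dump name: {name!r}")
    return DumpRegion(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))


def size_matches_report(name: str, reported_kb: int) -> bool:
    """True when end-start equals the size the report lists (KB = 1024 bytes)."""
    return parse_dump_name(name).size == reported_kb * 1024


def wer_target_pid(cmdline: str):
    """PID that WerFault was told to report on (its -p argument), or None."""
    m = WER_PARENT_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_writes(events, cmdlines):
    """Collapse duplicate rows and label each writer->target pair.

    A write from a process into the WerFault.exe instance that was started
    with -p <that process> is the normal crash-reporting handshake; any
    other cross-process write deserves a look.
    """
    verdicts = {}
    for line in events:
        m = WRITE_RE.match(line)
        if m is None:
            continue
        src, dst, dst_image = int(m[1]), int(m[2]), m[4]
        if (src, dst) in verdicts:
            continue  # the sandbox logged the same pair more than once
        reporting_for = wer_target_pid(cmdlines.get(dst, ""))
        if dst_image.lower() == "werfault.exe" and reporting_for == src:
            verdicts[(src, dst)] = "crash-reporting handshake"
        else:
            verdicts[(src, dst)] = "review: cross-process write"
    return verdicts


if __name__ == "__main__":
    region = parse_dump_name(DUMP_NAME)
    print(f"dump of PID {region.pid}: 0x{region.start:x}-0x{region.end:x}, {region.size} bytes")
    print("size matches report:", size_matches_report(DUMP_NAME, 36))
    for (src, dst), verdict in classify_writes(WRITE_EVENTS, CMDLINES).items():
        print(f"{src} -> {dst}: {verdict}")
```

The dump region works out to 0x9000 bytes, which is exactly the 36KB the report lists; the three identical WriteProcessMemory rows collapse to a single rundll32 (1336) to WerFault (1280) pair whose -p points back at 1336. The same classifier would flag a write into any process that is not the matching WerFault instance.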
Network
MITRE ATT&CK Matrix
Downloads
- memory/1280-54-0x0000000000000000-mapping.dmp