Analysis
-
max time kernel
34s
-
max time network
42s
-
platform
windows7_x64
-
resource
win7-20220812-en
-
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
-
submitted
24-11-2022 09:56
Behavioral task
behavioral1
Sample
1208-56-0x0000000180000000-0x0000000180013000-memory.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1208-56-0x0000000180000000-0x0000000180013000-memory.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
1208-56-0x0000000180000000-0x0000000180013000-memory.dll
-
Size
76KB
-
MD5
997556101550fd78a64409d3f6185ef5
-
SHA1
ebca870056a92cc3bc42664a22b218ac46aafbd8
-
SHA256
d1289afa289d40dbdbf3a604b1fb84db360dd468581fffbac78275ca6780d910
-
SHA512
d634645c48cc2648c89acebc67d999efbe83b63cb3ec3a33282d333d3e9996a59d356d855aaa1b5b63b1ce2ef5cf640d07cca00d41715e1ff8403e5d4d05ee86
-
SSDEEP
1536:pyFML+2YIf5YdDn/qGU1jDiBS/////////////////////////////m:pYM5n5eqGU138
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
972 | 900 | WerFault.exe | rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 900 wrote to memory of 972 | 900 | rundll32.exe | WerFault.exe
PID 900 wrote to memory of 972 | 900 | rundll32.exe | WerFault.exe
PID 900 wrote to memory of 972 | 900 | rundll32.exe | WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1208-56-0x0000000180000000-0x0000000180013000-memory.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 900 -s 56
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
-
memory/972-54-0x0000000000000000-mapping.dmp