Analysis
-
max time kernel
93s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
25-11-2022 22:37
General
-
Target
07b407b9344bc636a5595493f4bef9e66a3e0f14d6557c3a2a979a400670235c.dll
-
Size
1.3MB
-
MD5
6046edcc5db052bea9e7e6d2f2e869b1
-
SHA1
f9efa2ff06eb664a0a3e9f2c53bc1c538c59b590
-
SHA256
07b407b9344bc636a5595493f4bef9e66a3e0f14d6557c3a2a979a400670235c
-
SHA512
fc6340b7a795566126da4efe6228a19eb36ee22e35323ad892289a62481ed414f1486a64c770bcb53ad6d8967363d81da91839ddd2a11c1dfb1e72a51a9bd8a8
-
SSDEEP
24576:An6WrvFhoN0oXr2HbAR4rMuwKc3QC5fexfduH2FRNEpzvKdYu2TB3DEZ:APNet4PWQC5yluHQuzQYTTFIZ
Score
6/10
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\07b407b9344bc636a5595493f4bef9e66a3e0f14d6557c3a2a979a400670235c.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\07b407b9344bc636a5595493f4bef9e66a3e0f14d6557c3a2a979a400670235c.dll,#12⤵
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 6523⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1060 -ip 10601⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1060-132-0x0000000000000000-mapping.dmp