7e41f43275f79de584731ac3682d085df368ec8e844bf3f763d28378132b4849

Analysis

max time kernel
160s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 08:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7e41f43275f79de584731ac3682d085df368ec8e844bf3f763d28378132b4849.dll
Size

160KB
MD5

f17a942c372ace091d4e3326b654f911
SHA1

1a13fcb856dd00683674b81ffb40f9b8b4275f10
SHA256

7e41f43275f79de584731ac3682d085df368ec8e844bf3f763d28378132b4849
SHA512

69d12a47223f04f8e21b30f662de56eeba68c9f98fb3dc9aa864f89bb439e069947b982f72ea91a73034ba1142e5b3e382463cf45af4dbc7e8a1c9d2647bfbb0
SSDEEP

3072:K61Ye3TaEu2CoCcn3zO7A4D8XHLC/6CqX2n2sv566sJrlcWAP:HTa12CoCckAe87CnqX2L4JrlcLP

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
968	rundll32mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1800	rundll32.exe
1800	rundll32.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1404	968	WerFault.exe	28
2036	1800	WerFault.exe	27

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 288 wrote to memory of 1800	288	rundll32.exe	27
PID 288 wrote to memory of 1800	288	rundll32.exe	27
PID 288 wrote to memory of 1800	288	rundll32.exe	27
PID 288 wrote to memory of 1800	288	rundll32.exe	27
PID 288 wrote to memory of 1800	288	rundll32.exe	27
PID 288 wrote to memory of 1800	288	rundll32.exe	27
PID 288 wrote to memory of 1800	288	rundll32.exe	27
PID 1800 wrote to memory of 968	1800	rundll32.exe	28
PID 1800 wrote to memory of 968	1800	rundll32.exe	28
PID 1800 wrote to memory of 968	1800	rundll32.exe	28
PID 1800 wrote to memory of 968	1800	rundll32.exe	28
PID 968 wrote to memory of 1404	968	rundll32mgr.exe	29
PID 968 wrote to memory of 1404	968	rundll32mgr.exe	29
PID 968 wrote to memory of 1404	968	rundll32mgr.exe	29
PID 968 wrote to memory of 1404	968	rundll32mgr.exe	29
PID 1800 wrote to memory of 2036	1800	rundll32.exe	30
PID 1800 wrote to memory of 2036	1800	rundll32.exe	30
PID 1800 wrote to memory of 2036	1800	rundll32.exe	30
PID 1800 wrote to memory of 2036	1800	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e41f43275f79de584731ac3682d085df368ec8e844bf3f763d28378132b4849.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e41f43275f79de584731ac3682d085df368ec8e844bf3f763d28378132b4849.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1800
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 92
      4⤵
      Loads dropped DLL
      Program crash
      PID:1404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 228
    3⤵
    - Program crash
    PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
95KB

MD5
8e617cbfd82e7d8b1e714f2b4f27d84f

SHA1
bcf77c9799fd933f23ce344d2c46081dec46ebb2

SHA256
75b0313a8289f2e8bef73aa7599d96e661b6d3840fb32d330bc3cd924240b69e

SHA512
3809686bd7d4c03cab6ce7e438115ecf224955fe55d2c8784e16d9df1d30c86b047017536435e059a9bda2e30a29263139336ebcab662d2a281f9c7dc2792d79

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
95KB

MD5
8e617cbfd82e7d8b1e714f2b4f27d84f

SHA1
bcf77c9799fd933f23ce344d2c46081dec46ebb2

SHA256
75b0313a8289f2e8bef73aa7599d96e661b6d3840fb32d330bc3cd924240b69e

SHA512
3809686bd7d4c03cab6ce7e438115ecf224955fe55d2c8784e16d9df1d30c86b047017536435e059a9bda2e30a29263139336ebcab662d2a281f9c7dc2792d79

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
95KB

MD5
8e617cbfd82e7d8b1e714f2b4f27d84f

SHA1
bcf77c9799fd933f23ce344d2c46081dec46ebb2

SHA256
75b0313a8289f2e8bef73aa7599d96e661b6d3840fb32d330bc3cd924240b69e

SHA512
3809686bd7d4c03cab6ce7e438115ecf224955fe55d2c8784e16d9df1d30c86b047017536435e059a9bda2e30a29263139336ebcab662d2a281f9c7dc2792d79

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
95KB

MD5
8e617cbfd82e7d8b1e714f2b4f27d84f

SHA1
bcf77c9799fd933f23ce344d2c46081dec46ebb2

SHA256
75b0313a8289f2e8bef73aa7599d96e661b6d3840fb32d330bc3cd924240b69e

SHA512
3809686bd7d4c03cab6ce7e438115ecf224955fe55d2c8784e16d9df1d30c86b047017536435e059a9bda2e30a29263139336ebcab662d2a281f9c7dc2792d79

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
95KB

MD5
8e617cbfd82e7d8b1e714f2b4f27d84f

SHA1
bcf77c9799fd933f23ce344d2c46081dec46ebb2

SHA256
75b0313a8289f2e8bef73aa7599d96e661b6d3840fb32d330bc3cd924240b69e

SHA512
3809686bd7d4c03cab6ce7e438115ecf224955fe55d2c8784e16d9df1d30c86b047017536435e059a9bda2e30a29263139336ebcab662d2a281f9c7dc2792d79

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
95KB

MD5
8e617cbfd82e7d8b1e714f2b4f27d84f

SHA1
bcf77c9799fd933f23ce344d2c46081dec46ebb2

SHA256
75b0313a8289f2e8bef73aa7599d96e661b6d3840fb32d330bc3cd924240b69e

SHA512
3809686bd7d4c03cab6ce7e438115ecf224955fe55d2c8784e16d9df1d30c86b047017536435e059a9bda2e30a29263139336ebcab662d2a281f9c7dc2792d79

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
95KB

MD5
8e617cbfd82e7d8b1e714f2b4f27d84f

SHA1
bcf77c9799fd933f23ce344d2c46081dec46ebb2

SHA256
75b0313a8289f2e8bef73aa7599d96e661b6d3840fb32d330bc3cd924240b69e

SHA512
3809686bd7d4c03cab6ce7e438115ecf224955fe55d2c8784e16d9df1d30c86b047017536435e059a9bda2e30a29263139336ebcab662d2a281f9c7dc2792d79

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
95KB

MD5
8e617cbfd82e7d8b1e714f2b4f27d84f

SHA1
bcf77c9799fd933f23ce344d2c46081dec46ebb2

SHA256
75b0313a8289f2e8bef73aa7599d96e661b6d3840fb32d330bc3cd924240b69e

SHA512
3809686bd7d4c03cab6ce7e438115ecf224955fe55d2c8784e16d9df1d30c86b047017536435e059a9bda2e30a29263139336ebcab662d2a281f9c7dc2792d79

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
95KB

MD5
8e617cbfd82e7d8b1e714f2b4f27d84f

SHA1
bcf77c9799fd933f23ce344d2c46081dec46ebb2

SHA256
75b0313a8289f2e8bef73aa7599d96e661b6d3840fb32d330bc3cd924240b69e

SHA512
3809686bd7d4c03cab6ce7e438115ecf224955fe55d2c8784e16d9df1d30c86b047017536435e059a9bda2e30a29263139336ebcab662d2a281f9c7dc2792d79

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
95KB

MD5
8e617cbfd82e7d8b1e714f2b4f27d84f

SHA1
bcf77c9799fd933f23ce344d2c46081dec46ebb2

SHA256
75b0313a8289f2e8bef73aa7599d96e661b6d3840fb32d330bc3cd924240b69e

SHA512
3809686bd7d4c03cab6ce7e438115ecf224955fe55d2c8784e16d9df1d30c86b047017536435e059a9bda2e30a29263139336ebcab662d2a281f9c7dc2792d79

Download Submit
memory/968-72-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1800-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download
memory/1800-57-0x000000006D100000-0x000000006D128000-memory.dmp

Filesize
160KB

Download
memory/1800-58-0x0000000000120000-0x0000000000149000-memory.dmp

Filesize
164KB

Download
memory/1800-71-0x0000000000120000-0x0000000000149000-memory.dmp

Filesize
164KB

Download
memory/1800-73-0x0000000000120000-0x0000000000149000-memory.dmp

Filesize
164KB

Download
memory/1800-74-0x000000006D100000-0x000000006D128000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads