7c151ee96dd979835f0c680423092d54ea9df805a7f233d8d55ff21930cf1acd

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c151ee96dd979835f0c680423092d54ea9df805a7f233d8d55ff21930cf1acd.dll
Size

264KB
MD5

c821f4ae5b74117d497124b7871e5330
SHA1

cce83413fa096db4d4edf027c696441e83cd388d
SHA256

7c151ee96dd979835f0c680423092d54ea9df805a7f233d8d55ff21930cf1acd
SHA512

50c95770a2b5d7684031c29f20d91e29c3edacd84c51f56d16eb4a23c0169bdd2acd34901a6bf67699852fb7ebb38aa9f7c0ae52d5a52f154fa865632d27678b
SSDEEP

3072:Pn4cV8gf2u41Z5tKlw9SFjN5vKRYkE4GKLYXlJV9b8LXSI2ft/qZm9Y:v4y8gOl2ljNx05EAYP91yI9Y

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1636	rundll32mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1496	rundll32.exe
1496	rundll32.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
948	1636	WerFault.exe	28

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1496	2016	rundll32.exe	27
PID 2016 wrote to memory of 1496	2016	rundll32.exe	27
PID 2016 wrote to memory of 1496	2016	rundll32.exe	27
PID 2016 wrote to memory of 1496	2016	rundll32.exe	27
PID 2016 wrote to memory of 1496	2016	rundll32.exe	27
PID 2016 wrote to memory of 1496	2016	rundll32.exe	27
PID 2016 wrote to memory of 1496	2016	rundll32.exe	27
PID 1496 wrote to memory of 1636	1496	rundll32.exe	28
PID 1496 wrote to memory of 1636	1496	rundll32.exe	28
PID 1496 wrote to memory of 1636	1496	rundll32.exe	28
PID 1496 wrote to memory of 1636	1496	rundll32.exe	28
PID 1636 wrote to memory of 948	1636	rundll32mgr.exe	29
PID 1636 wrote to memory of 948	1636	rundll32mgr.exe	29
PID 1636 wrote to memory of 948	1636	rundll32mgr.exe	29
PID 1636 wrote to memory of 948	1636	rundll32mgr.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c151ee96dd979835f0c680423092d54ea9df805a7f233d8d55ff21930cf1acd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c151ee96dd979835f0c680423092d54ea9df805a7f233d8d55ff21930cf1acd.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1636
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 156
      4⤵
      Loads dropped DLL
      Program crash
      PID:948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
169KB

MD5
01a0e38aa538eb123f13c8e485e9e60c

SHA1
34fa49994b1b5db890412415f94d13e4b4f1abee

SHA256
eef6fb84670b713fec9a1eca265af13bff63d8458b0cbf678b611222da184fbc

SHA512
ed0f7edcfaaa12e5192563c7398c8bd761ff84e00d0e100af80a9155b4fcde5a542b890b872429c6d365349fcc51a15cb5b2198fe12f4e4a1a89e805b1c5cdd1

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
169KB

MD5
01a0e38aa538eb123f13c8e485e9e60c

SHA1
34fa49994b1b5db890412415f94d13e4b4f1abee

SHA256
eef6fb84670b713fec9a1eca265af13bff63d8458b0cbf678b611222da184fbc

SHA512
ed0f7edcfaaa12e5192563c7398c8bd761ff84e00d0e100af80a9155b4fcde5a542b890b872429c6d365349fcc51a15cb5b2198fe12f4e4a1a89e805b1c5cdd1

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
169KB

MD5
01a0e38aa538eb123f13c8e485e9e60c

SHA1
34fa49994b1b5db890412415f94d13e4b4f1abee

SHA256
eef6fb84670b713fec9a1eca265af13bff63d8458b0cbf678b611222da184fbc

SHA512
ed0f7edcfaaa12e5192563c7398c8bd761ff84e00d0e100af80a9155b4fcde5a542b890b872429c6d365349fcc51a15cb5b2198fe12f4e4a1a89e805b1c5cdd1

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
169KB

MD5
01a0e38aa538eb123f13c8e485e9e60c

SHA1
34fa49994b1b5db890412415f94d13e4b4f1abee

SHA256
eef6fb84670b713fec9a1eca265af13bff63d8458b0cbf678b611222da184fbc

SHA512
ed0f7edcfaaa12e5192563c7398c8bd761ff84e00d0e100af80a9155b4fcde5a542b890b872429c6d365349fcc51a15cb5b2198fe12f4e4a1a89e805b1c5cdd1

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
169KB

MD5
01a0e38aa538eb123f13c8e485e9e60c

SHA1
34fa49994b1b5db890412415f94d13e4b4f1abee

SHA256
eef6fb84670b713fec9a1eca265af13bff63d8458b0cbf678b611222da184fbc

SHA512
ed0f7edcfaaa12e5192563c7398c8bd761ff84e00d0e100af80a9155b4fcde5a542b890b872429c6d365349fcc51a15cb5b2198fe12f4e4a1a89e805b1c5cdd1

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
169KB

MD5
01a0e38aa538eb123f13c8e485e9e60c

SHA1
34fa49994b1b5db890412415f94d13e4b4f1abee

SHA256
eef6fb84670b713fec9a1eca265af13bff63d8458b0cbf678b611222da184fbc

SHA512
ed0f7edcfaaa12e5192563c7398c8bd761ff84e00d0e100af80a9155b4fcde5a542b890b872429c6d365349fcc51a15cb5b2198fe12f4e4a1a89e805b1c5cdd1

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
169KB

MD5
01a0e38aa538eb123f13c8e485e9e60c

SHA1
34fa49994b1b5db890412415f94d13e4b4f1abee

SHA256
eef6fb84670b713fec9a1eca265af13bff63d8458b0cbf678b611222da184fbc

SHA512
ed0f7edcfaaa12e5192563c7398c8bd761ff84e00d0e100af80a9155b4fcde5a542b890b872429c6d365349fcc51a15cb5b2198fe12f4e4a1a89e805b1c5cdd1

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
169KB

MD5
01a0e38aa538eb123f13c8e485e9e60c

SHA1
34fa49994b1b5db890412415f94d13e4b4f1abee

SHA256
eef6fb84670b713fec9a1eca265af13bff63d8458b0cbf678b611222da184fbc

SHA512
ed0f7edcfaaa12e5192563c7398c8bd761ff84e00d0e100af80a9155b4fcde5a542b890b872429c6d365349fcc51a15cb5b2198fe12f4e4a1a89e805b1c5cdd1

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
169KB

MD5
01a0e38aa538eb123f13c8e485e9e60c

SHA1
34fa49994b1b5db890412415f94d13e4b4f1abee

SHA256
eef6fb84670b713fec9a1eca265af13bff63d8458b0cbf678b611222da184fbc

SHA512
ed0f7edcfaaa12e5192563c7398c8bd761ff84e00d0e100af80a9155b4fcde5a542b890b872429c6d365349fcc51a15cb5b2198fe12f4e4a1a89e805b1c5cdd1

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
169KB

MD5
01a0e38aa538eb123f13c8e485e9e60c

SHA1
34fa49994b1b5db890412415f94d13e4b4f1abee

SHA256
eef6fb84670b713fec9a1eca265af13bff63d8458b0cbf678b611222da184fbc

SHA512
ed0f7edcfaaa12e5192563c7398c8bd761ff84e00d0e100af80a9155b4fcde5a542b890b872429c6d365349fcc51a15cb5b2198fe12f4e4a1a89e805b1c5cdd1

Download Submit
memory/1496-55-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download
memory/1636-69-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads