0c2c089d9341b6c1e1511cfe02d6cc3c2bca4a2ed451a174deda6fd8cb619296

Analysis

max time kernel
26s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c2c089d9341b6c1e1511cfe02d6cc3c2bca4a2ed451a174deda6fd8cb619296.dll
Size

2.3MB
MD5

0ff3cd66f402c409e341afaceeab1d1a
SHA1

fd3aa891831d41b727a8e47c2e17c47d221e7205
SHA256

0c2c089d9341b6c1e1511cfe02d6cc3c2bca4a2ed451a174deda6fd8cb619296
SHA512

fbe1e739a5ad1472718ed7d13e6e69cb0222b7c6eeb99959c8e2e4db4113a6a12fceebaf54a7539216277aedc24416526527306cd2756d4938653e6878aeab96
SSDEEP

49152:gU3U+ZYmxjpv7x4GFM/+b8dTMNh9Wr73h7NXSWEqNJO5hYTVMCRisKEt:giU2YmxjpDx4Zo8dYNh9q73h7NXYkRim

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1108	rundll32mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
2024	rundll32.exe
2024	rundll32.exe
1324	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1324	1108	WerFault.exe	28
1284	2024	WerFault.exe	27

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 2024	1348	rundll32.exe	27
PID 1348 wrote to memory of 2024	1348	rundll32.exe	27
PID 1348 wrote to memory of 2024	1348	rundll32.exe	27
PID 1348 wrote to memory of 2024	1348	rundll32.exe	27
PID 1348 wrote to memory of 2024	1348	rundll32.exe	27
PID 1348 wrote to memory of 2024	1348	rundll32.exe	27
PID 1348 wrote to memory of 2024	1348	rundll32.exe	27
PID 2024 wrote to memory of 1108	2024	rundll32.exe	28
PID 2024 wrote to memory of 1108	2024	rundll32.exe	28
PID 2024 wrote to memory of 1108	2024	rundll32.exe	28
PID 2024 wrote to memory of 1108	2024	rundll32.exe	28
PID 2024 wrote to memory of 1284	2024	rundll32.exe	30
PID 2024 wrote to memory of 1284	2024	rundll32.exe	30
PID 2024 wrote to memory of 1284	2024	rundll32.exe	30
PID 2024 wrote to memory of 1284	2024	rundll32.exe	30
PID 1108 wrote to memory of 1324	1108	rundll32mgr.exe	29
PID 1108 wrote to memory of 1324	1108	rundll32mgr.exe	29
PID 1108 wrote to memory of 1324	1108	rundll32mgr.exe	29
PID 1108 wrote to memory of 1324	1108	rundll32mgr.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c2c089d9341b6c1e1511cfe02d6cc3c2bca4a2ed451a174deda6fd8cb619296.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c2c089d9341b6c1e1511cfe02d6cc3c2bca4a2ed451a174deda6fd8cb619296.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1108
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 100
      4⤵
      Loads dropped DLL
      Program crash
      PID:1324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 232
    3⤵
    - Program crash
    PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
92KB

MD5
f3cd42733c9f17686eb97e547f595220

SHA1
63579bee2925fc4c6dc1c1d1c43548bdfb474e32

SHA256
46eeefd6ce0063d613b07a8a4765b23ae0dd30c5ee5638294c696a81da47e758

SHA512
82d426939e4d3155b7260eb9b67680652a68deebfc7391307a70647f17f8621d744389c791b1585f34b4aaf16ea309901363189b07a1962b0f3bdae3c3ef0fb4

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
92KB

MD5
f3cd42733c9f17686eb97e547f595220

SHA1
63579bee2925fc4c6dc1c1d1c43548bdfb474e32

SHA256
46eeefd6ce0063d613b07a8a4765b23ae0dd30c5ee5638294c696a81da47e758

SHA512
82d426939e4d3155b7260eb9b67680652a68deebfc7391307a70647f17f8621d744389c791b1585f34b4aaf16ea309901363189b07a1962b0f3bdae3c3ef0fb4

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
92KB

MD5
f3cd42733c9f17686eb97e547f595220

SHA1
63579bee2925fc4c6dc1c1d1c43548bdfb474e32

SHA256
46eeefd6ce0063d613b07a8a4765b23ae0dd30c5ee5638294c696a81da47e758

SHA512
82d426939e4d3155b7260eb9b67680652a68deebfc7391307a70647f17f8621d744389c791b1585f34b4aaf16ea309901363189b07a1962b0f3bdae3c3ef0fb4

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
92KB

MD5
f3cd42733c9f17686eb97e547f595220

SHA1
63579bee2925fc4c6dc1c1d1c43548bdfb474e32

SHA256
46eeefd6ce0063d613b07a8a4765b23ae0dd30c5ee5638294c696a81da47e758

SHA512
82d426939e4d3155b7260eb9b67680652a68deebfc7391307a70647f17f8621d744389c791b1585f34b4aaf16ea309901363189b07a1962b0f3bdae3c3ef0fb4

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
92KB

MD5
f3cd42733c9f17686eb97e547f595220

SHA1
63579bee2925fc4c6dc1c1d1c43548bdfb474e32

SHA256
46eeefd6ce0063d613b07a8a4765b23ae0dd30c5ee5638294c696a81da47e758

SHA512
82d426939e4d3155b7260eb9b67680652a68deebfc7391307a70647f17f8621d744389c791b1585f34b4aaf16ea309901363189b07a1962b0f3bdae3c3ef0fb4

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
92KB

MD5
f3cd42733c9f17686eb97e547f595220

SHA1
63579bee2925fc4c6dc1c1d1c43548bdfb474e32

SHA256
46eeefd6ce0063d613b07a8a4765b23ae0dd30c5ee5638294c696a81da47e758

SHA512
82d426939e4d3155b7260eb9b67680652a68deebfc7391307a70647f17f8621d744389c791b1585f34b4aaf16ea309901363189b07a1962b0f3bdae3c3ef0fb4

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
92KB

MD5
f3cd42733c9f17686eb97e547f595220

SHA1
63579bee2925fc4c6dc1c1d1c43548bdfb474e32

SHA256
46eeefd6ce0063d613b07a8a4765b23ae0dd30c5ee5638294c696a81da47e758

SHA512
82d426939e4d3155b7260eb9b67680652a68deebfc7391307a70647f17f8621d744389c791b1585f34b4aaf16ea309901363189b07a1962b0f3bdae3c3ef0fb4

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
92KB

MD5
f3cd42733c9f17686eb97e547f595220

SHA1
63579bee2925fc4c6dc1c1d1c43548bdfb474e32

SHA256
46eeefd6ce0063d613b07a8a4765b23ae0dd30c5ee5638294c696a81da47e758

SHA512
82d426939e4d3155b7260eb9b67680652a68deebfc7391307a70647f17f8621d744389c791b1585f34b4aaf16ea309901363189b07a1962b0f3bdae3c3ef0fb4

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
92KB

MD5
f3cd42733c9f17686eb97e547f595220

SHA1
63579bee2925fc4c6dc1c1d1c43548bdfb474e32

SHA256
46eeefd6ce0063d613b07a8a4765b23ae0dd30c5ee5638294c696a81da47e758

SHA512
82d426939e4d3155b7260eb9b67680652a68deebfc7391307a70647f17f8621d744389c791b1585f34b4aaf16ea309901363189b07a1962b0f3bdae3c3ef0fb4

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
92KB

MD5
f3cd42733c9f17686eb97e547f595220

SHA1
63579bee2925fc4c6dc1c1d1c43548bdfb474e32

SHA256
46eeefd6ce0063d613b07a8a4765b23ae0dd30c5ee5638294c696a81da47e758

SHA512
82d426939e4d3155b7260eb9b67680652a68deebfc7391307a70647f17f8621d744389c791b1585f34b4aaf16ea309901363189b07a1962b0f3bdae3c3ef0fb4

Download Submit
memory/1108-71-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2024-55-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download
memory/2024-68-0x0000000008000000-0x0000000008252000-memory.dmp

Filesize
2.3MB

Download
memory/2024-69-0x00000000003B0000-0x000000000040D000-memory.dmp

Filesize
372KB

Download
memory/2024-70-0x00000000003B0000-0x000000000040D000-memory.dmp

Filesize
372KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads