Analysis
- max time kernel: 37s
- max time network: 41s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 04-12-2022 12:50
Behavioral task
behavioral1
Sample
af2e5433377b74cb6b0d3cc39aa88a8d5d70276f241c4bc12a56674f8ec7fe9a.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
af2e5433377b74cb6b0d3cc39aa88a8d5d70276f241c4bc12a56674f8ec7fe9a.dll
Resource
win10v2004-20220901-en
General
- Target: af2e5433377b74cb6b0d3cc39aa88a8d5d70276f241c4bc12a56674f8ec7fe9a.dll
- Size: 320KB
- MD5: f64d060eaf2561560d3bc439b62f9517
- SHA1: 99948e1a93e506d6490b705d356a21b668b8bf0a
- SHA256: af2e5433377b74cb6b0d3cc39aa88a8d5d70276f241c4bc12a56674f8ec7fe9a
- SHA512: 9c4d21784e75cf19b26c44fe0dd7de8d7fefb66f7b5a2f981db7e6b5edce532931589a9bd9a99d739f80ec171a72c9af70db6095dcc69e4c2b0771999a3d1605
- SSDEEP: 3072:kmCal1sCQTWCiMlmYV8siPcJNx1u0Ts66oP+/wAKaLZVWYJ66H+DHsBsqB4:kmCazsiPcJTNfGYAhzWJjDMGw4
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1560 | 1344 | WerFault.exe | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1344 wrote to memory of 1560 | 1344 | rundll32.exe | WerFault.exe
PID 1344 wrote to memory of 1560 | 1344 | rundll32.exe | WerFault.exe
PID 1344 wrote to memory of 1560 | 1344 | rundll32.exe | WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af2e5433377b74cb6b0d3cc39aa88a8d5d70276f241c4bc12a56674f8ec7fe9a.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1344 -s 562⤵
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1560-54-0x0000000000000000-mapping.dmp