2044061fafbe1c8703577d59ab0dd0369a96ddc6a09215d23d34f5ce83f0ac99

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2044061fafbe1c8703577d59ab0dd0369a96ddc6a09215d23d34f5ce83f0ac99.dll
Size

470KB
MD5

81686b5912e6a9060ac26aaf637ac900
SHA1

40df867f97f8d4aff86f511227a683eb78567a05
SHA256

2044061fafbe1c8703577d59ab0dd0369a96ddc6a09215d23d34f5ce83f0ac99
SHA512

15c8331eec32812140ea078cf1cac567b89af0c289b5f95443448b0ad621e4cb6185d2c9e70331d11fb1adf6b5e10d3a49358d8489e449c836812e3aca6f8314
SSDEEP

12288:1zA5lZhy6RpB/6eXMVVLrkwTzCunpKI13YEqWkcXH//V+4:1zA5HhRPSeX2VHkuzRnpz1ofcX1L

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1536	rundll32mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
552	rundll32.exe
552	rundll32.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1964	1536	WerFault.exe	28

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 552 wrote to memory of 1536	552	rundll32.exe	28
PID 552 wrote to memory of 1536	552	rundll32.exe	28
PID 552 wrote to memory of 1536	552	rundll32.exe	28
PID 552 wrote to memory of 1536	552	rundll32.exe	28
PID 1536 wrote to memory of 1964	1536	rundll32mgr.exe	29
PID 1536 wrote to memory of 1964	1536	rundll32mgr.exe	29
PID 1536 wrote to memory of 1964	1536	rundll32mgr.exe	29
PID 1536 wrote to memory of 1964	1536	rundll32mgr.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2044061fafbe1c8703577d59ab0dd0369a96ddc6a09215d23d34f5ce83f0ac99.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2044061fafbe1c8703577d59ab0dd0369a96ddc6a09215d23d34f5ce83f0ac99.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:552
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 156
      4⤵
      Loads dropped DLL
      Program crash
      PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
59KB

MD5
0e0f0ae845d89c22bb6385f64a6b85fd

SHA1
0f3f1e7f18ab81572c5ce938d3880d4a5d7100ac

SHA256
5a5b85c582d5d4b3b912ee6789babebf8ae6d87330d0d33d87274841952899dd

SHA512
baec989a6329a2a60d954e83279fd57ba2000f8ed79e7a02d145bf44a5bffcd9a831c63f4b7d44e40c51e40b1dfbe72c5cebac04d0ce7b2295e3fd191b122350

Download Submit
memory/552-60-0x0000000074730000-0x00000000747B0000-memory.dmp

Filesize
512KB

Download
memory/552-55-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads