Analysis
max time kernel: 17s
max time network: 31s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 06-12-2022 00:59
Behavioral task behavioral1
Sample: 544-72-0x00000000002B0000-0x00000000002B9000-memory.dll
Resource: win7-20221111-en (windows7-x64)
2 signatures, 150 seconds

Behavioral task behavioral2
Sample: 544-72-0x00000000002B0000-0x00000000002B9000-memory.dll
Resource: win10v2004-20221111-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: 544-72-0x00000000002B0000-0x00000000002B9000-memory.dll
Size: 36KB (consistent with the 0x9000-byte range 0x2B0000-0x2B9000 encoded in the file name; the name marks this as a memory region dumped from PID 544, not a DLL as it existed on disk)
MD5: 6754861c91d95459c46ee1b8feceffba
SHA1: 04768ed332da06ce26c2d0974b58ec42162b8387
SHA256: ba891eb60674c292acd9eca797a4bc5433da31bcb9a026b1e5ccd12d18d90ed1
SHA512: 75a362b74e6109d18fd4dab0366902ef985f4d5ceac42f8dd990f413b7e541602fc2c9b0d681ed835bc69a8555dcf1d0d9bf4ac9a92022115383a5c2d96c97f2
SSDEEP: 192:6P+nM5KC/zxayGc3gzq7YjDaqzJCueT+RfbZne9s6PLwgP0tkYGijYz:s5Jxayczq7Yjt9lfle9s6PLF6kYGi8z
Score: 3/10
Malware Config: none extracted
Signatures

Program crash (1 IoC)
  reporting pid    image          crashed pid    image
  2036             WerFault.exe   840            rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  source pid    image          target pid    image
  840           rundll32.exe   2036          WerFault.exe
  840           rundll32.exe   2036          WerFault.exe
  840           rundll32.exe   2036          WerFault.exe

Caveat: the only WriteProcessMemory target is the WerFault.exe instance that rundll32.exe itself launched with "-p 840" to report its own crash. That is the normal Windows Error Reporting handoff from a faulting process to its reporter, not evidence of injection into a third-party process, which is why the two signatures together still score only 3/10.
Processes

1. C:\Windows\system32\rundll32.exe (PID 840)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\544-72-0x00000000002B0000-0x00000000002B9000-memory.dll,#1
   Signature: Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\WerFault.exe (PID 2036, child of 840)
      Command line: C:\Windows\system32\WerFault.exe -u -p 840 -s 56
      Signature: Program crash

The sample is invoked through rundll32.exe with export ordinal #1 as the entry point. Because the file is a raw dumped memory region rather than an on-disk DLL, rundll32.exe faults and hands off to WerFault.exe (-p 840 names the crashing process). No activity beyond the crash and the WER handoff is recorded in either VM run.
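The two checks a triager applies to a report like this one, written out as an added Python example (not part of the sandbox's own tooling): decode the dump file name to confirm the 36KB size matches the dumped address range, and label each WriteProcessMemory hit as a WER crash handoff only when the target is a WerFault.exe spawned by the writer with "-p <writer pid>", flagging everything else for review. The process tree and events are copied from the report above; the explorer.exe contrast case, the function names and the label strings are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sandbox memory-dump file names look like "<pid>-<n>-0x<start>-0x<end>-memory.dll".
DUMP_NAME_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dll$"
)


def parse_dump_name(name: str) -> Optional[dict]:
    """Decode the source PID and address range from a dump file name.

    Returns None when the name does not follow the dump convention."""
    m = DUMP_NAME_RE.match(name)
    if m is None:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "start": start, "end": end, "size": end - start}


@dataclass
class Proc:
    pid: int
    image: str            # image path as reported
    cmdline: str          # full command line as reported
    ppid: Optional[int]   # parent PID, None if outside the recorded tree


@dataclass
class WpmEvent:
    src_pid: int  # process calling WriteProcessMemory
    dst_pid: int  # process being written to


def classify_wpm(ev: WpmEvent, procs: Dict[int, Proc]) -> str:
    """Label one WriteProcessMemory hit.

    'wer-crash-handoff': the target is a WerFault.exe that the writer itself
    spawned with '-p <writer pid>', i.e. the writer is reporting its own crash.
    'possible-injection': anything else; needs a human look."""
    src, dst = procs[ev.src_pid], procs[ev.dst_pid]
    is_werfault = dst.image.lower().endswith("\\werfault.exe")
    reports_writer = re.search(rf"(?:^|\s)-p\s+{src.pid}(?:\s|$)", dst.cmdline) is not None
    if is_werfault and dst.ppid == src.pid and reports_writer:
        return "wer-crash-handoff"
    return "possible-injection"


def triage(events: List[WpmEvent], procs: Dict[int, Proc]) -> Dict[str, int]:
    """Count WriteProcessMemory hits per label."""
    counts: Dict[str, int] = {}
    for ev in events:
        label = classify_wpm(ev, procs)
        counts[label] = counts.get(label, 0) + 1
    return counts


# Process tree and events taken from the report above (PIDs 840 and 2036).
REPORT_PROCS: Dict[int, Proc] = {
    840: Proc(840, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\544-72-0x00000000002B0000-0x00000000002B9000-memory.dll,#1",
              None),
    2036: Proc(2036, r"C:\Windows\system32\WerFault.exe",
               r"C:\Windows\system32\WerFault.exe -u -p 840 -s 56", 840),
}
REPORT_EVENTS = [WpmEvent(840, 2036)] * 3   # the report lists this hit three times

# Constructed contrast case (not from the report): the same rundll32.exe writing
# into an unrelated explorer.exe, which the rule must NOT excuse.
CONSTRUCTED_PROCS = dict(REPORT_PROCS)
CONSTRUCTED_PROCS[1234] = Proc(1234, r"C:\Windows\explorer.exe", "explorer.exe", None)
CONSTRUCTED_EVENTS = [WpmEvent(840, 1234)]

if __name__ == "__main__":
    info = parse_dump_name("544-72-0x00000000002B0000-0x00000000002B9000-memory.dll")
    print(f"dumped from PID {info['pid']}, {info['size']} bytes")
    print("report:", triage(REPORT_EVENTS, REPORT_PROCS))
    print("constructed:", triage(CONSTRUCTED_EVENTS, CONSTRUCTED_PROCS))
```

The parent-PID and "-p <pid>" conditions are both required: a WerFault.exe that some other process launched, or one reporting a different PID, would not be a handoff from this writer and stays flagged.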
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2036-54-0x0000000000000000-mapping.dmp