Analysis
-
max time kernel
149s -
max time network
175s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
09-12-2022 01:50
General
-
Target
1852-97-0x0000000000250000-0x000000000027A000-memory.dll
-
Size
168KB
-
MD5
0f9b985937b94985e2058e36a35358a8
-
SHA1
21db9f327f85eb46b3780bf60a7e5bb1c0f5d44d
-
SHA256
7c065469ca7c6e246d59c82eaeaa15ffb5fb5b6a571caccca342fc9bed9ad096
-
SHA512
0e5c47f767303bfc27dfbe88e18fbfa7b82bcaf666aaaa8e8b81369229246cbc84c91816f3f64eb2e8df1cb821eeab1e0f89d4994761edf1b67411769316e698
-
SSDEEP
3072:ogSPueeAMUSf/vGctAcJTRF23TBfpAfO/yaGv:pzdDfXGcucJVF23TBhAm/
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1852-97-0x0000000000250000-0x000000000027A000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1852-97-0x0000000000250000-0x000000000027A000-memory.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 5603⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 5603⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3688 -ip 36881⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3688-132-0x0000000000000000-mapping.dmp
-
memory/5100-133-0x0000000000000000-mapping.dmp