Analysis
- max time kernel: 56s
- max time network: 29s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 10-12-2022 03:49
Behavioral task: behavioral1
- Sample: 1468-92-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win7-20221111-en (windows7-x64)
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 1468-92-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win10v2004-20221111-en (windows10-2004-x64)
- 1 signatures
- 150 seconds
General
- Target: 1468-92-0x0000000180000000-0x0000000180009000-memory.dll
- Size: 36KB
- MD5: 0f5e279cf6d84c8e5983e6f66fd72076
- SHA1: 8dd528f477f4fea2f9dee430de5c141c0f7e5587
- SHA256: 84288d0a286cbec9c6919d4dde243a5cd328c914ec3f4d9e6e305f336e92c1f6
- SHA512: 3dbda418514664dd7cd432cb219fee52e1ebf30e2ecdc2f47a02699f42d62e3230f616851bc864054daa882193d645c1bf2d9469dc214177e42026e32093e17e
- SSDEEP: 192:6P+nM5KC/zxayGc3gzq7YjDaqzJCueT+RfbZne9s6PL7yLP0tkYGijY:s5Jxayczq7Yjt9lfle9s6PLg6kYGi8
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  560 | 1676 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1676 wrote to memory of 560 | 1676 | rundll32.exe | WerFault.exe
  PID 1676 wrote to memory of 560 | 1676 | rundll32.exe | WerFault.exe
  PID 1676 wrote to memory of 560 | 1676 | rundll32.exe | WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1468-92-0x0000000180000000-0x0000000180009000-memory.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1676 -s 562⤵
  - Program crash
Network
MITRE ATT&CK Matrix
Downloads
- memory/560-54-0x0000000000000000-mapping.dmp