3428b8352d810d82defc02d32ef3a892aa56b5acaabd00a841634c7a08aa04b1

Analysis

max time kernel
82s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2023 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3428b8352d810d82defc02d32ef3a892aa56b5acaabd00a841634c7a08aa04b1.exe
Size

3.7MB
MD5

9c1d8c5c1201e9c57929ba0bb5531796
SHA1

d4653471f2c7c24c4c193ebdadde4482e94c5fd8
SHA256

3428b8352d810d82defc02d32ef3a892aa56b5acaabd00a841634c7a08aa04b1
SHA512

6e699e0e286ad52f0af6514471a339f5ed98d872031ec47a725b44779d74bd0089dbaccce5750b389a250b97ee8c1fe4cdb2c9a545bab077e69841ba15343d77
SSDEEP

98304:f0vGRpT0cEQsb+aOAgrf4sMLz+9nXR38Iv3flGKDMb:svkpT0vfSf4sMmdXV8IvUKDM

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1060	rundll32.exe
1060	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1204	2088	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 1060	2088	3428b8352d810d82defc02d32ef3a892aa56b5acaabd00a841634c7a08aa04b1.exe	88
PID 2088 wrote to memory of 1060	2088	3428b8352d810d82defc02d32ef3a892aa56b5acaabd00a841634c7a08aa04b1.exe	88
PID 2088 wrote to memory of 1060	2088	3428b8352d810d82defc02d32ef3a892aa56b5acaabd00a841634c7a08aa04b1.exe	88

C:\Users\Admin\AppData\Local\Temp\3428b8352d810d82defc02d32ef3a892aa56b5acaabd00a841634c7a08aa04b1.exe
"C:\Users\Admin\AppData\Local\Temp\3428b8352d810d82defc02d32ef3a892aa56b5acaabd00a841634c7a08aa04b1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Rewurtuihyfrtty.dll,start
  2⤵
  - Loads dropped DLL
  PID:1060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 512
  2⤵
  - Program crash
  PID:1204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2088 -ip 2088
1⤵
PID:4128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Rewurtuihyfrtty.dll

Filesize
4.3MB

MD5
dfa288e4bd49e2bff060ced20204071c

SHA1
756ed0b1b86adac7bc36846768fd38bd13ed293d

SHA256
42dbe9e87d6000b974e92742044c0cc508b662bdd0d66aa000affcd413ebcd52

SHA512
ef24d23406aef833bc0c263e3354c563b5fe7b91ceedc83b81ec3f54baadcaff9f1d17c7c2b6f41ec8b93360fc24aee9b0de2d7ee7e2a2a82c23f5058b645853

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rewurtuihyfrtty.dll

Filesize
4.3MB

MD5
dfa288e4bd49e2bff060ced20204071c

SHA1
756ed0b1b86adac7bc36846768fd38bd13ed293d

SHA256
42dbe9e87d6000b974e92742044c0cc508b662bdd0d66aa000affcd413ebcd52

SHA512
ef24d23406aef833bc0c263e3354c563b5fe7b91ceedc83b81ec3f54baadcaff9f1d17c7c2b6f41ec8b93360fc24aee9b0de2d7ee7e2a2a82c23f5058b645853

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rewurtuihyfrtty.dll

Filesize
4.3MB

MD5
dfa288e4bd49e2bff060ced20204071c

SHA1
756ed0b1b86adac7bc36846768fd38bd13ed293d

SHA256
42dbe9e87d6000b974e92742044c0cc508b662bdd0d66aa000affcd413ebcd52

SHA512
ef24d23406aef833bc0c263e3354c563b5fe7b91ceedc83b81ec3f54baadcaff9f1d17c7c2b6f41ec8b93360fc24aee9b0de2d7ee7e2a2a82c23f5058b645853

Download Submit
memory/1060-136-0x0000000000000000-mapping.dmp

Download
memory/1060-140-0x00000000028A0000-0x0000000002CEF000-memory.dmp

Filesize
4.3MB

Download
memory/1060-141-0x00000000028A0000-0x0000000002CEF000-memory.dmp

Filesize
4.3MB

Download
memory/1060-143-0x00000000028A0000-0x0000000002CEF000-memory.dmp

Filesize
4.3MB

Download
memory/2088-132-0x0000000003612000-0x0000000003995000-memory.dmp

Filesize
3.5MB

Download
memory/2088-133-0x0000000004FB0000-0x0000000005490000-memory.dmp

Filesize
4.9MB

Download
memory/2088-134-0x0000000000400000-0x0000000002FAE000-memory.dmp

Filesize
43.7MB

Download
memory/2088-135-0x0000000000400000-0x0000000002FAE000-memory.dmp

Filesize
43.7MB

Download
memory/2088-142-0x0000000000400000-0x0000000002FAE000-memory.dmp

Filesize
43.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads