Analysis
max time kernel: 31s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 24-01-2023 18:58
Static task: static1
Behavioral task: behavioral1 (Sample: DRAWBOLT.lnk, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: DRAWBOLT.lnk, Resource: win10v2004-20221111-en)
Behavioral task: behavioral3 (Sample: WORKHAND/DIURESIS.dll, Resource: win7-20221111-en)
Behavioral task: behavioral4 (Sample: WORKHAND/DIURESIS.dll, Resource: win10v2004-20220812-en)
Behavioral task: behavioral5 (Sample: WORKHAND/EXCRESCE.cmd, Resource: win7-20221111-en)
Behavioral task: behavioral6 (Sample: WORKHAND/EXCRESCE.cmd, Resource: win10v2004-20220812-en)
General
Target: WORKHAND/DIURESIS.dll
Size: 1.0MB
MD5: a146dac7b641fff2c5c3c0cf320731aa
SHA1: 0b21a4b04e79565e26e4236772d4605fc39862e7
SHA256: 95ad74c1dff5293c49c955a4e77c17e6912c7b8d1fc8f5f4c6f05ac77a56a9ab
SHA512: 9fa32a0d1128c90b27c31080a767b6f5c34638a436c5573af9a990acab2973b7f93116509ffd4519e0a56572d2f1640f8c7dad9310153ca7c06a752ab95f9b19
SSDEEP: 24576:x7Vt9qfawrN27U1izzZaRbfp81L/Wm/nd6WrrUU9fQT:1BqfSU14Zadq1L/cWrrHfQ
Malware Config
Signatures
Program crash (1 IoC)
Processes:
pid    pid_target    process        target process
1888   1160          WerFault.exe   rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                         pid    process        target process
PID 1160 wrote to memory of 1888    1160   rundll32.exe   WerFault.exe
PID 1160 wrote to memory of 1888    1160   rundll32.exe   WerFault.exe
PID 1160 wrote to memory of 1888    1160   rundll32.exe   WerFault.exe
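Read together, the two signature tables describe one event, not two: the only process rundll32.exe (pid 1160) wrote into is the WerFault.exe instance (pid 1888) that the "Program crash" row shows handling rundll32's own crash. That is Windows Error Reporting plumbing between a faulting process and its crash handler, not injection into a foreign process, and a crash this early usually means the DLL was invoked with the wrong export or arguments, or bailed out on an environment check, so the signatures here record crash handling rather than the DLL's intended behaviour. The script below is an added example, not part of the report or of any sandbox's own code: it parses rows in the format of the WriteProcessMemory table above, correlates them with "Program crash" rows, and separates WER handoff from writes that still deserve an injection follow-up. The three rundll32-to-WerFault rows are taken from this report; the explorer.exe row (pid 2044) is a constructed, hypothetical contrast case.

```python
"""Triage WriteProcessMemory hits from a sandbox process table.

Added example (not from the report): a cross-process write is treated as
crash-reporting plumbing only when its target is the WerFault.exe instance
that a "Program crash" row ties back to the writer's own pid. Everything
else is surfaced for an injection follow-up.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class WriteEvent:
    pid: int
    process: str
    target_pid: int
    target_process: str


@dataclass(frozen=True)
class CrashEvent:
    pid: int         # WerFault.exe instance
    pid_target: int  # process that crashed


# Row format as it appears in the report's WriteProcessMemory table:
# "PID <pid> wrote to memory of <target> <pid> <process> <target process>"
_ROW = re.compile(
    r"PID (\d+) wrote to memory of (\d+)\s+(\d+)\s+(\S+)\s+(\S+)"
)


def parse_write_row(line: str) -> WriteEvent:
    """Parse one table row into a WriteEvent (assumes the format above)."""
    m = _ROW.search(line)
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    pid, target_pid, pid2, process, target_process = m.groups()
    if pid != pid2:  # description and pid column disagree: malformed row
        raise ValueError(f"pid mismatch in row: {line!r}")
    return WriteEvent(int(pid), process, int(target_pid), target_process)


# Constructed sample input: the first three rows reproduce the report's
# table; the fourth is a hypothetical write into explorer.exe (pid 2044).
WRITES = [parse_write_row(r) for r in [
    "PID 1160 wrote to memory of 1888 1160 rundll32.exe WerFault.exe",
    "PID 1160 wrote to memory of 1888 1160 rundll32.exe WerFault.exe",
    "PID 1160 wrote to memory of 1888 1160 rundll32.exe WerFault.exe",
    "PID 1160 wrote to memory of 2044 1160 rundll32.exe explorer.exe",  # hypothetical
]]
CRASHES = [CrashEvent(pid=1888, pid_target=1160)]  # the report's "Program crash" row


def classify(writes, crashes):
    """Return {(pid, target_pid, target_process): (verdict, count)}.

    Identical rows are collapsed and counted, so the three repeated
    rundll32 -> WerFault rows become one finding with count 3.
    """
    handled_by = {c.pid: c.pid_target for c in crashes}  # WerFault pid -> crashed pid
    counts = Counter(writes)
    verdicts = {}
    for w, n in counts.items():
        if w.target_process.lower() == "werfault.exe":
            if handled_by.get(w.target_pid) == w.pid:
                verdict = "wer-crash-handoff"          # writer crashed; target is its handler
            else:
                verdict = "werfault-unrelated-crash"   # WerFault for some other pid: look closer
        else:
            verdict = "possible-injection"
        verdicts[(w.pid, w.target_pid, w.target_process)] = (verdict, n)
    return verdicts


def all_explained_by_crash(writes, crashes) -> bool:
    """True when every write is WER handoff, i.e. nothing left to chase."""
    return all(v == "wer-crash-handoff" for v, _ in classify(writes, crashes).values())


if __name__ == "__main__":
    for key, (verdict, n) in classify(WRITES, CRASHES).items():
        print(f"{key}: {verdict} (x{n})")
    print("all explained by crash handling:", all_explained_by_crash(WRITES, CRASHES))
```

Against this report's three rows alone the function reports nothing to chase; the hypothetical explorer.exe row is what a real injection would look like in the same table, and it is the only kind of row worth escalating from a "Suspicious use of WriteProcessMemory" hit.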
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1888-54-0x0000000000000000-mapping.dmp