Analysis
-
max time kernel
119s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
01-02-2023 08:24
Static task
static1
Behavioral task
behavioral1
Sample
DECIDENT.lnk
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
DECIDENT.lnk
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
SPASTICS/QUINIBLE.dll
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
SPASTICS/QUINIBLE.dll
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
SPASTICS/STYRACIN.cmd
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
SPASTICS/STYRACIN.cmd
Resource
win10v2004-20221111-en
General
-
Target
SPASTICS/QUINIBLE.dll
-
Size
1.0MB
-
MD5
a146dac7b641fff2c5c3c0cf320731aa
-
SHA1
0b21a4b04e79565e26e4236772d4605fc39862e7
-
SHA256
95ad74c1dff5293c49c955a4e77c17e6912c7b8d1fc8f5f4c6f05ac77a56a9ab
-
SHA512
9fa32a0d1128c90b27c31080a767b6f5c34638a436c5573af9a990acab2973b7f93116509ffd4519e0a56572d2f1640f8c7dad9310153ca7c06a752ab95f9b19
-
SSDEEP
24576:x7Vt9qfawrN27U1izzZaRbfp81L/Wm/nd6WrrUU9fQT:1BqfSU14Zadq1L/cWrrHfQ
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
952 | 1992 | WerFault.exe | rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1992 wrote to memory of 952 | 1992 | rundll32.exe | WerFault.exe
PID 1992 wrote to memory of 952 | 1992 | rundll32.exe | WerFault.exe
PID 1992 wrote to memory of 952 | 1992 | rundll32.exe | WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/952-54-0x0000000000000000-mapping.dmp