8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

Analysis

max time kernel
74s
max time network
72s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
13/02/2023, 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lsass.dll
Size

12KB
MD5

cff85c549d536f651d4fb8387f1976f2
SHA1

d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256

8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512

531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
SSDEEP

192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4316	652	WerFault.exe	66

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 652	564	rundll32.exe	66
PID 564 wrote to memory of 652	564	rundll32.exe	66
PID 564 wrote to memory of 652	564	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lsass.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\lsass.dll,#1
  2⤵
  PID:652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 636
    3⤵
    - Program crash
    PID:4316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/652-121-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-122-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-123-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-124-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-125-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-126-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-127-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-128-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-129-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-130-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-131-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-132-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-133-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-134-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-135-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-136-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-137-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-138-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-139-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-140-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-141-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-142-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-143-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-144-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-145-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-146-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-147-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-148-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-149-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-150-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-151-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-152-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-153-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-154-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-155-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-156-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-157-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-158-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-159-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-160-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-161-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-162-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-163-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download
memory/652-164-0x0000000077D60000-0x0000000077EEE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads