Analysis
max time kernel: 150s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 22-02-2023 20:58
Behavioral task: behavioral1
Sample: 7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a.dll
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a.dll
Resource: win10v2004-20230220-en
General
Target: 7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a.dll
Size: 1.3MB
MD5: b3b6e4008889f72166d30c458533366b
SHA1: 2b530848cf99d95e478ce1271396e67d62fe2aeb
SHA256: 7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a
SHA512: 9892c30181a310f54b05d380217eafabec303cb4160dd761439d79d916c1f068d31cf1be864de96aa18f99b43421b588cd5b99eae4c08defe0ae71e6f3394615
SSDEEP: 24576:oe4P7eOOgqsWHExNblWuWOJ/jcZsdii0j4wXFOxRD687c:oefLgqsWHaAuWE/jczi0j4qcL
Malware Config
Signatures
-
Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  2020  1920        WerFault.exe  rundll32.exe
Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
  pid   process
  1920  rundll32.exe
Suspicious use of WriteProcessMemory (11 IoCs)
Processes:
  description                         pid   process       target process
  PID 324 wrote to memory of 1920     324   rundll32.exe  rundll32.exe
  PID 324 wrote to memory of 1920     324   rundll32.exe  rundll32.exe
  PID 324 wrote to memory of 1920     324   rundll32.exe  rundll32.exe
  PID 324 wrote to memory of 1920     324   rundll32.exe  rundll32.exe
  PID 324 wrote to memory of 1920     324   rundll32.exe  rundll32.exe
  PID 324 wrote to memory of 1920     324   rundll32.exe  rundll32.exe
  PID 324 wrote to memory of 1920     324   rundll32.exe  rundll32.exe
  PID 1920 wrote to memory of 2020    1920  rundll32.exe  WerFault.exe
  PID 1920 wrote to memory of 2020    1920  rundll32.exe  WerFault.exe
  PID 1920 wrote to memory of 2020    1920  rundll32.exe  WerFault.exe
  PID 1920 wrote to memory of 2020    1920  rundll32.exe  WerFault.exe
Processes
  [1] C:\Windows\system32\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a.dll,#1
      - Suspicious use of WriteProcessMemory
    [2] C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d501dad75d6a95ed73eb41f26543e401d5b061995a41ba0e05c94d5c4b1ef7a.dll,#1
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
      [3] C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 352
          - Program crash
Network
MITRE ATT&CK Matrix
Downloads
  memory/1920-55-0x0000000002090000-0x000000000250D000-memory.dmp  Filesize: 4.5MB
  memory/1920-56-0x0000000002090000-0x000000000250D000-memory.dmp  Filesize: 4.5MB
  memory/1920-54-0x0000000002090000-0x000000000250D000-memory.dmp  Filesize: 4.5MB
  memory/1920-57-0x0000000002090000-0x000000000250D000-memory.dmp  Filesize: 4.5MB
  memory/1920-58-0x0000000002090000-0x000000000250D000-memory.dmp  Filesize: 4.5MB