Analysis
- max time kernel: 142s
- max time network: 30s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 01-04-2023 19:55
Behavioral task: behavioral1
- Sample: 31cde3f510ab29af1c526ea548229374899606d2a98b62b3de5af2b540bc7342.dll
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 31cde3f510ab29af1c526ea548229374899606d2a98b62b3de5af2b540bc7342.dll
- Resource: win10v2004-20230221-en
General
- Target: 31cde3f510ab29af1c526ea548229374899606d2a98b62b3de5af2b540bc7342.dll
- Size: 1.3MB
- MD5: 301ae731858e928feab43dd23cc9e63c
- SHA1: 42c70c58652d15061b84c671640d31cef619e0d9
- SHA256: 31cde3f510ab29af1c526ea548229374899606d2a98b62b3de5af2b540bc7342
- SHA512: b1b7a792c018cd4f4657dec6c7b892e5354b9b219f3ee83f3c662dab65a7caa2e4ad4d0cfc6ff58e87e7cc8f3c876750976a70dd2fcc9c9a7bd7846868f4108e
- SSDEEP: 24576:FNCgNdSGdv0o4TvDjbOf2FfWl8KuqGavkg3NyNIbbbIoIBAUZLYGgD:FNCgN5Ma+s8KuqGaX0ToIBAUZLYGG
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes:
  pid   pid_target   process        target process
  868   956          WerFault.exe   rundll32.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes:
  pid   process
  956   rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes:
  description                      pid   process        target process
  PID 912 wrote to memory of 956   912   rundll32.exe   rundll32.exe   (7 occurrences)
  PID 956 wrote to memory of 868   956   rundll32.exe   WerFault.exe   (4 occurrences)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\31cde3f510ab29af1c526ea548229374899606d2a98b62b3de5af2b540bc7342.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\31cde3f510ab29af1c526ea548229374899606d2a98b62b3de5af2b540bc7342.dll,#1
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 312
      - Program crash
Network
MITRE ATT&CK Matrix
Downloads
- memory/956-54-0x0000000010000000-0x0000000010243000-memory.dmp (Filesize: 2.3MB)
- memory/956-55-0x0000000010000000-0x0000000010243000-memory.dmp (Filesize: 2.3MB)
- memory/956-56-0x0000000010000000-0x0000000010243000-memory.dmp (Filesize: 2.3MB)
- memory/956-57-0x0000000010000000-0x0000000010243000-memory.dmp (Filesize: 2.3MB)
- memory/956-58-0x0000000010000000-0x0000000010243000-memory.dmp (Filesize: 2.3MB)
- memory/956-59-0x0000000010000000-0x0000000010243000-memory.dmp (Filesize: 2.3MB)