Analysis
max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
submitted
19-06-2023 19:11
Behavioral task
behavioral1
Sample
cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a.dll
Resource
win10v2004-20230220-en
General
Target
cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a.dll
Size
939KB
MD5
8af07a7e620ff01e2be5869db105b012
SHA1
5bfb4803ef6249f22f8e571fab74bf9a3730c2e6
SHA256
cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a
SHA512
21fe37c8fe4634d0bcc3bbbfdb1435af982e2c31fe3297d50a78417bac964c252ff441c76d107ea94ac8b85aab02d1d0aa697b5615be83f2e5fba232bfbb67b5
SSDEEP
24576:TXvZl5Y074EjId8klXDYFBozQ/nEee7BBv:TRU07bjTkNuU7
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid     pid_target  process       target process
4256    2520        WerFault.exe  rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
rundll32.exe
pid     process
2520    rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                       pid   process       target process
PID 1324 wrote to memory of 2520  1324  rundll32.exe  rundll32.exe
PID 1324 wrote to memory of 2520  1324  rundll32.exe  rundll32.exe
PID 1324 wrote to memory of 2520  1324  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a.dll,#1
- Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc978c3346a1037cd40776b72af9fcda4076afb5f10029130de6df603043fc3a.dll,#1
    - Suspicious use of SetWindowsHookEx
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 760
        - Program crash
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2520 -ip 2520
Network
MITRE ATT&CK Matrix
Downloads
memory/2520-133-0x0000000000400000-0x00000000006EE000-memory.dmp (Filesize: 2.9MB)
memory/2520-134-0x0000000000400000-0x00000000006EE000-memory.dmp (Filesize: 2.9MB)
memory/2520-135-0x0000000000400000-0x00000000006EE000-memory.dmp (Filesize: 2.9MB)
memory/2520-136-0x0000000000400000-0x00000000006EE000-memory.dmp (Filesize: 2.9MB)
memory/2520-137-0x0000000000400000-0x00000000006EE000-memory.dmp (Filesize: 2.9MB)
memory/2520-138-0x0000000000400000-0x00000000006EE000-memory.dmp (Filesize: 2.9MB)