7eeff3e4441260104fe2aa14e9f8c9da21aa46e5d1f58d17341ff551ebd91080

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2023 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7eeff3e4441260104fe2aa14e9f8c9da21aa46e5d1f58d17341ff551ebd91080.dll
Size

2.0MB
MD5

59b8875f57a36e84fe6188d0f9909623
SHA1

8ab4440690ffbf6ab0923a23fe5cb3b9757ff47f
SHA256

7eeff3e4441260104fe2aa14e9f8c9da21aa46e5d1f58d17341ff551ebd91080
SHA512

fa16dc7dc900ca12cf9a475b491533ce875593be16b9f6a23d654afcb4976e3f0519ba2bcdacac3f2b0a3465760a54046a494220b20279970bd1a68f088b1bfd
SSDEEP

49152:LXPCqrporFlfSRnTdZF03Da+VFXbSbv4:zPndMiTvF03Da+VFXb3

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 4 IoCs

Processes:

rundll32.exe

description	ioc	process
File created	C:\Windows\SysWOW64\×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê\×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê.ink	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê\×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê.ink	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê\×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê.lnk	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê×Ê	rundll32.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3216 4660 WerFault.exe rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

4660 rundll32.exe
4660 rundll32.exe

pid	pid_target	process	target process
3216	4660	WerFault.exe	rundll32.exe

pid	process
4660	rundll32.exe
4660	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3700 wrote to memory of 4660	3700	rundll32.exe	rundll32.exe
PID 3700 wrote to memory of 4660	3700	rundll32.exe	rundll32.exe
PID 3700 wrote to memory of 4660	3700	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7eeff3e4441260104fe2aa14e9f8c9da21aa46e5d1f58d17341ff551ebd91080.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7eeff3e4441260104fe2aa14e9f8c9da21aa46e5d1f58d17341ff551ebd91080.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 704
    3⤵
    - Program crash
    PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4660 -ip 4660
1⤵
PID:4204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4660-137-0x0000000002C50000-0x0000000002C84000-memory.dmp

Filesize
208KB

Download
memory/4660-136-0x0000000002C50000-0x0000000002C84000-memory.dmp

Filesize
208KB

Download