Analysis
max time kernel: 140s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-08-2023 11:41
Static task: static1
Behavioral task: behavioral1
  Sample: 231b82866fa050d4fce496f0fa227c35cf27c6a16132148dcb36b2e92253946c.dll
  Resource: win7-20230824-en
Behavioral task: behavioral2
  Sample: 231b82866fa050d4fce496f0fa227c35cf27c6a16132148dcb36b2e92253946c.dll
  Resource: win10v2004-20230703-en
General
Target: 231b82866fa050d4fce496f0fa227c35cf27c6a16132148dcb36b2e92253946c.dll
Size: 1.5MB
MD5: 8c8dc921e7a52e3c0c3a8d5011f0ee23
SHA1: 014201108cd72f794e24908346bda4e21f598692
SHA256: 231b82866fa050d4fce496f0fa227c35cf27c6a16132148dcb36b2e92253946c
SHA512: b4539d7b6fecbe3b07a3dcc60f17e67a7a1dfc71baa05147cdf452b2d204f8197567762c2c8ad1249e4350ac5849ec2546cfd362b850fae56cd228b34cd51e70
SSDEEP: 24576:k38zHK++lYN/aZz8vI6/SrNXVo+KpP13wZhKQ7zQ+h3ep/IK45FxN:k3CtvNyIsVw1wZF/hep/4FxN
Malware Config
Signatures
Drops file in System32 directory (1 IoC)
  description: File opened for modification
  ioc: C:\Windows\SysWOW64\mislog\log20230827.txt
  Process: rundll32.exe

Program crash (1 IoC)
  pid: 3648
  pid_target: 4040
  Process: WerFault.exe
  procid_target: 82

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3040 wrote to memory of 4040 | pid: 3040 | Process: rundll32.exe | procid_target: 82
  description: PID 3040 wrote to memory of 4040 | pid: 3040 | Process: rundll32.exe | procid_target: 82
  description: PID 3040 wrote to memory of 4040 | pid: 3040 | Process: rundll32.exe | procid_target: 82
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\231b82866fa050d4fce496f0fa227c35cf27c6a16132148dcb36b2e92253946c.dll,#1
  PID: 3040
  Signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\231b82866fa050d4fce496f0fa227c35cf27c6a16132148dcb36b2e92253946c.dll,#1
    PID: 4040
    Signatures: Drops file in System32 directory
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 876
      PID: 3648
      Signatures: Program crash
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4040 -ip 4040
  PID: 3904
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1023B
MD5: 455d52109302cd2bc2b40d85b806a297
SHA1: 7f61f57be91cbe2939103afb0c63622b374cbd2e
SHA256: 905254035b3f544f944bce73c82ff92495409de22999985f9cc3f73aa72e134f
SHA512: d8ce1e1d062d333cab9e218bec43f7c0506594139389ac92a9c943c36d817c6032edb66b26d6a14286a5c94883cce52ac6cf00eaf5052058de4b7d875af29d23