Analysis
max time kernel: 141s
max time network: 121s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 28-09-2023 17:16

Static task: static1
Behavioral task: behavioral1
  Sample: 92a8d29853d1891492fef0660aa44e8cf591269a42e008885a64625528b06a31.dll
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 92a8d29853d1891492fef0660aa44e8cf591269a42e008885a64625528b06a31.dll
  Resource: win10v2004-20230915-en
General
Target: 92a8d29853d1891492fef0660aa44e8cf591269a42e008885a64625528b06a31.dll
Size: 482KB
MD5: 57e4ef873693892da6c20512fefb6dff
SHA1: 5ce485c9739bd2f82175d557444fd0f5f00646a7
SHA256: 92a8d29853d1891492fef0660aa44e8cf591269a42e008885a64625528b06a31
SHA512: 2973b8ae186ec0e5652cd5f2ee79b8cb4d05c1f56df4c22dbeb7fb81b4aab72fc2ab3a0bc757bca71a8e095ce4aa28ff0c60a8b09247464f7487eb2199b7821a
SSDEEP: 12288:65hlJthDY7hlPJMFN8hbAvNQPjapvZZSGGBwdY5H:65hlJthDY7XPSFN8JcNi+pvfSz5
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

description                          | pid  | process      | target process
PID 2120 wrote to memory of 2860     | 2120 | rundll32.exe | WerFault.exe
PID 2120 wrote to memory of 2860     | 2120 | rundll32.exe | WerFault.exe
PID 2120 wrote to memory of 2860     | 2120 | rundll32.exe | WerFault.exe

All three writes go from rundll32.exe (PID 2120) into the WerFault.exe instance (PID 2860) that rundll32.exe itself launched with "-p 2120", which is Windows Error Reporting handling a crash in PID 2120. A process writing only into its own crash reporter is consistent with the DLL faulting under rundll32 rather than with injection into an unrelated process, so this signature should be treated as low-confidence here unless the process tree shows writes into other targets.
Processes
1. C:\Windows\system32\rundll32.exe (PID 2120)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\92a8d29853d1891492fef0660aa44e8cf591269a42e008885a64625528b06a31.dll,#1
   (",#1" tells rundll32 to call the DLL export at ordinal 1)
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\WerFault.exe (PID 2860)
      Command line: C:\Windows\system32\WerFault.exe -u -p 2120 -s 84
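As an added example that is not part of the sandbox report, the following Python script shows how to triage "wrote to memory of" events against the process tree: it parses rows in the format the Signatures table uses, looks up the target's command line, and labels a write as crash reporting when the target is a WerFault.exe whose "-p" argument names the writing process. The three WerFault rows and the PIDs 2120/2860 are taken from this report; the explorer.exe target, PID 3100 and the "sample.dll" path are constructed here to show what a write that should be escalated looks like.

```python
import re
from collections import defaultdict

# Constructed inputs modelled on the report: the three WerFault writes are the
# ones listed in the Signatures section; the explorer.exe line, PID 3100 and the
# sample.dll path are invented here to show a non-WER cross-process write.
PROCESSES = {
    2120: r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\sample.dll,#1",
    2860: r"C:\Windows\system32\WerFault.exe -u -p 2120 -s 84",
    3100: r"C:\Windows\explorer.exe",
}

WRITE_EVENTS = """\
PID 2120 wrote to memory of 2860 2120 rundll32.exe WerFault.exe
PID 2120 wrote to memory of 2860 2120 rundll32.exe WerFault.exe
PID 2120 wrote to memory of 2860 2120 rundll32.exe WerFault.exe
PID 2120 wrote to memory of 3100 2120 rundll32.exe explorer.exe
"""

# Row layout from the report: description | pid | process | target process
EVENT_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<pid>\d+) "
    r"(?P<proc>\S+) (?P<target>\S+)$"
)


def parse_events(text):
    """Parse 'wrote to memory of' rows into (src_pid, dst_pid, src_image, dst_image)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = EVENT_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised event line: {line!r}")
        events.append((int(m["src"]), int(m["dst"]), m["proc"], m["target"]))
    return events


def wer_faulting_pid(cmdline):
    """If cmdline is a WerFault.exe crash-report invocation, return the PID it
    was given with -p (the faulting process); otherwise return None."""
    tokens = cmdline.split()
    if not tokens or not tokens[0].lower().endswith("werfault.exe"):
        return None
    for i in range(len(tokens) - 1):
        if tokens[i] == "-p" and tokens[i + 1].isdigit():
            return int(tokens[i + 1])
    return None


def classify_writes(events, processes):
    """Group writes per (src, dst) pair and label each pair.

    'wer-crash-report': the target is a WerFault.exe whose -p argument is the
    writing process, i.e. the writer crashed and is talking to its own error
    reporter. Anything else is 'cross-process-write' and deserves a closer look.
    """
    counts = defaultdict(int)
    images = {}
    for src, dst, src_img, dst_img in events:
        counts[(src, dst)] += 1
        images[(src, dst)] = (src_img, dst_img)

    result = {}
    for (src, dst), n in counts.items():
        dst_cmd = processes.get(dst, "")
        verdict = "wer-crash-report" if wer_faulting_pid(dst_cmd) == src else "cross-process-write"
        result[(src, dst)] = {
            "count": n,
            "source": images[(src, dst)][0],
            "target": images[(src, dst)][1],
            "verdict": verdict,
        }
    return result


if __name__ == "__main__":
    for (src, dst), info in classify_writes(parse_events(WRITE_EVENTS), PROCESSES).items():
        print(f"{info['source']}({src}) -> {info['target']}({dst}): "
              f"{info['count']} write(s), {info['verdict']}")
```

On the report's own data this yields a single pair, rundll32.exe(2120) -> WerFault.exe(2860), labelled wer-crash-report; the constructed explorer.exe write is the kind of event that would keep the WriteProcessMemory signature meaningful.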
Network
MITRE ATT&CK Matrix
Downloads
memory/2120-0-0x000007FEF6F80000-0x000007FEF7005000-memory.dmp (Filesize: 532KB)