Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2023, 07:32

General

  • Target

    336-858-0x00000000035C0000-0x00000000036F1000-memory.dll

  • Size

    1.2MB

  • MD5

    37bc0010a947dbdf80bba219d49a65ff

  • SHA1

    1700aeefe56247e5ca41abd5f2740176f6630d03

  • SHA256

    66b65797b639f90f50d2d3d4c29b8584ba96186ccf118ce96d5abc1e334d0479

  • SHA512

    325063127a693377da4d96822d6090994551ff76dac8bb45abaa647a8b348b1fda4c088cde72a33bd16e417ca61fec1b042ce102a148fe7e9b43249b7d457f2f

  • SSDEEP

    24576:3C7CI9TZDEWk1wCy0zaG9cQAr1ftxmbfYQJZKLnI:7I99DEWVtQArZmn0b

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\336-858-0x00000000035C0000-0x00000000036F1000-memory.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1288
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1288 -s 56
      2⤵
        PID:2624

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads