Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/05/2024, 19:54

General

  • Target

    TaaprWareV3.dll

  • Size

    242KB

  • MD5

    a6dd063fecdba990085d9ee1492519c8

  • SHA1

    ca3ad5f5bdd9c48ef5a7e35ec27ab5d88e25da38

  • SHA256

    00a4789705818e4c8b87d4804d975bf2aee5a4779ad2055c5a5f8fb9bbac1321

  • SHA512

    f758dc12feaca2ca9db49d652eb7d4f2626569414479281c65c99cc5eb06ae8e203a5526128a3e3050c961c42cf0d7108ac11fc3cf3b45012c8657bb8b994966

  • SSDEEP

    3072:5AMpM3f+eXt4x7uwrAicOAUGRmM5c6B3rgFLKa6OEFF255zz5CSMw8mL8N:5AUSwr+jUGsM26ZsFLKa6UpCSM

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\TaaprWareV3.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\TaaprWareV3.dll,#1
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 292
        • Program crash
        PID:2792

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2992-0-0x00000000754F6000-0x00000000754F7000-memory.dmp

    Filesize

    4KB