Analysis
Max time kernel: 133s
Max time network: 131s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 22-05-2024 21:24
Behavioral task: behavioral1
Sample: 4bb1ecb382f01a114961ad5d65930146a0102b3574bd47254148e09ada9f2a59.dll
Resource: win7-20240508-en (windows7-x64)
3 signatures
150 seconds
General
Target: 4bb1ecb382f01a114961ad5d65930146a0102b3574bd47254148e09ada9f2a59.dll
Size: 60KB
MD5: 0e1a178a080f12dccf5d77598160cbe3
SHA1: 031d3c021db994f2f0339598a43db7add9975db4
SHA256: 4bb1ecb382f01a114961ad5d65930146a0102b3574bd47254148e09ada9f2a59
SHA512: 41974c2c7017a927c640f0693590076ab368def4e8e6bb412daf02f2f50fbfd2e9fffcd1ef622180c6efe8da4559955669b523b664ebd6931a5a00cc01b47aa9
SSDEEP: 768:Bs+TgMsHPnI1bsb3+rpKZbRj2XCN/sJggWNGOmRLZYOJWVQTbZbr/2xn4/OMa6NO:W7vI1b43uKZFkJJWHkhZbr/451A9+/4
Malware Config
Signatures

Drops file in System32 directory (1 IoC)
Process: rundll32.exe
description | ioc | process
File created | C:\Windows\SysWOW64\dmlconf.dat | rundll32.exe

Program crash (1 IoC)
Process: WerFault.exe
pid | pid_target | process | target process
3232 | 864 | WerFault.exe | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Process: rundll32.exe
description | pid | process | target process
PID 4228 wrote to memory of 864 | 4228 | rundll32.exe | rundll32.exe
PID 4228 wrote to memory of 864 | 4228 | rundll32.exe | rundll32.exe
PID 4228 wrote to memory of 864 | 4228 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bb1ecb382f01a114961ad5d65930146a0102b3574bd47254148e09ada9f2a59.dll,#1
    Signatures: Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bb1ecb382f01a114961ad5d65930146a0102b3574bd47254148e09ada9f2a59.dll,#1
        Signatures: Drops file in System32 directory

        C:\Windows\SysWOW64\WerFault.exe
            Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 624
            Signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 864 -ip 864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4196,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8
Network
MITRE ATT&CK Matrix
Downloads
memory/864-1-0x0000000010000000-0x0000000010012000-memory.dmp
Filesize: 72KB