Analysis
-
max time kernel
142s
-
max time network
150s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240426-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
-
submitted
26-05-2024 04:18
Behavioral task
behavioral1
Sample
e92712c5a1f3cdd8cc0755932127ad16adc81af5d84da50c2fbf036205263335.dll
Resource
win7-20240508-en
3 signatures
150 seconds
General
-
Target
e92712c5a1f3cdd8cc0755932127ad16adc81af5d84da50c2fbf036205263335.dll
-
Size
38KB
-
MD5
66b10b8fd5cd5bac42790cfd046a0b72
-
SHA1
84c5ee4e4a80739aff2a702386fa057714a3e843
-
SHA256
e92712c5a1f3cdd8cc0755932127ad16adc81af5d84da50c2fbf036205263335
-
SHA512
658ef6def3a1b476079341e96cbba6a5e4a9e4224798b0c1e70d76ba21ccbae4d4284ad0b12ae85e873b61d79c09c7f4922b7b7a885f8d5ce4d19b6cc5bc056e
-
SSDEEP
768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV7UIXU76m2szqVV:WD8w22laSR0V+3CJrV7XczJz
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
Processes:
rundll32.exe
description | ioc | process
File created | C:\Windows\SysWOW64\dmlconf.dat | rundll32.exe
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1912 | 1252 | WerFault.exe | rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1756 wrote to memory of 1252 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1252 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1252 | 1756 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e92712c5a1f3cdd8cc0755932127ad16adc81af5d84da50c2fbf036205263335.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e92712c5a1f3cdd8cc0755932127ad16adc81af5d84da50c2fbf036205263335.dll,#1
- Drops file in System32 directory
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 604
- Program crash
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1252 -ip 1252
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1252-1-0x0000000010000000-0x000000001000D000-memory.dmp
Filesize
52KB