Analysis
max time kernel: 4294178s
max time network: 120s
platform: windows7_x64
resource: win7-20220311-en
submitted: 21-03-2022 19:30
Static task: static1
Behavioral task: behavioral1
Sample: 1752-55-0x0000000180000000-0x000000018000B000-memory.dll
Resource: win7-20220311-en, windows7_x64
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: 1752-55-0x0000000180000000-0x000000018000B000-memory.dll
Resource: win10v2004-20220310-en, windows10-2004_x64
0 signatures, 0 seconds
General
Target: 1752-55-0x0000000180000000-0x000000018000B000-memory.dll
Size: 44KB
MD5: 26c5fca101a362c8a0bbeefbf08da798
SHA1: 264bca602e7fd7c38045446802d548f4d116c300
SHA256: e1dbfbc85b8b435d91e798b5f88f1bbf5d406647b473d89b3d60465e28feba1b
SHA512: 592b414a77519dd7fe344890dca891b4fbb3c6fea0479352deb0be2dcdb320ccbd9e103d573b6fb2837761452907e5f26aaf92d765b0ee858f9de881d60ceb2f
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid   pid_target   process        target process
956   892          WerFault.exe   rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                      pid   process        target process
PID 892 wrote to memory of 956   892   rundll32.exe   WerFault.exe
PID 892 wrote to memory of 956   892   rundll32.exe   WerFault.exe
PID 892 wrote to memory of 956   892   rundll32.exe   WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1752-55-0x0000000180000000-0x000000018000B000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:892
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 892 -s 562⤵
- Program crash
PID:956