Analysis
-
max time kernel
125s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20220310-en -
submitted
23/03/2022, 02:20
Behavioral task
behavioral1
Sample
1652-56-0x0000000000160000-0x000000000016E000-memory.dll
Resource
win7-20220311-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1652-56-0x0000000000160000-0x000000000016E000-memory.dll
Resource
win10v2004-20220310-en
0 signatures
0 seconds
General
-
Target
1652-56-0x0000000000160000-0x000000000016E000-memory.dll
-
Size
56KB
-
MD5
de066a81a5888119f7074d7f3fcde32a
-
SHA1
0da1a543e1906f621d17835d73d84e1ea92dac43
-
SHA256
40a78495d842f1f74502318cebe8cc5551a80b7d1f947b6ddba2b27e839eaed0
-
SHA512
c9925558f41f15c5c65fe5324c4ecdee4295f25192ef3ac556477a06e22de50f037c585ffe645d536cde746f62cc553be4b63c85b174b0a3592c27565f84a7af
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 484 892 WerFault.exe 85 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4332 wrote to memory of 892 4332 rundll32.exe 85 PID 4332 wrote to memory of 892 4332 rundll32.exe 85 PID 4332 wrote to memory of 892 4332 rundll32.exe 85
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1652-56-0x0000000000160000-0x000000000016E000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4332 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1652-56-0x0000000000160000-0x000000000016E000-memory.dll,#12⤵PID:892
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 5603⤵
- Program crash
PID:484
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 892 -ip 8921⤵PID:1656