Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220331-en
- submitted: 12-04-2022 18:47
Static task: static1

Behavioral task: behavioral1
- Sample: 872-57-0x0000000010000000-0x000000001008F000-memory.dll
- Resource: win7-20220331-en, windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 872-57-0x0000000010000000-0x000000001008F000-memory.dll
- Resource: win10v2004-20220331-en, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 872-57-0x0000000010000000-0x000000001008F000-memory.dll
- Size: 572KB
- MD5: 9d1c03b5778aaeeb98d2add428c15b5b
- SHA1: 50f8933351fdb2b4eaa6fb637aab27425dd0422a
- SHA256: e0b71f641092e0e577f4b2468b418dd2dcdbef6a7a84967e71980f2b9bd0e713
- SHA512: 2fa416ff7e58dbda7c926686782da33f836c87fb83098890d7ec65fa9ed021ae25ed27189ccf850156e0cd8c4f64fac0454c3cc1f01c8d42931be6283adc22e9
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  1272 | 1464 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes: rundll32.exe, rundll32.exe
  description | pid | process | target process
  PID 1716 wrote to memory of 1464 | 1716 | rundll32.exe | rundll32.exe
  PID 1716 wrote to memory of 1464 | 1716 | rundll32.exe | rundll32.exe
  PID 1716 wrote to memory of 1464 | 1716 | rundll32.exe | rundll32.exe
  PID 1716 wrote to memory of 1464 | 1716 | rundll32.exe | rundll32.exe
  PID 1716 wrote to memory of 1464 | 1716 | rundll32.exe | rundll32.exe
  PID 1716 wrote to memory of 1464 | 1716 | rundll32.exe | rundll32.exe
  PID 1716 wrote to memory of 1464 | 1716 | rundll32.exe | rundll32.exe
  PID 1464 wrote to memory of 1272 | 1464 | rundll32.exe | WerFault.exe
  PID 1464 wrote to memory of 1272 | 1464 | rundll32.exe | WerFault.exe
  PID 1464 wrote to memory of 1272 | 1464 | rundll32.exe | WerFault.exe
  PID 1464 wrote to memory of 1272 | 1464 | rundll32.exe | WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\872-57-0x0000000010000000-0x000000001008F000-memory.dll,#1
  (depth 1)
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\872-57-0x0000000010000000-0x000000001008F000-memory.dll,#1
    (depth 2)
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 196
      (depth 3)
      - Program crash