Analysis
max time kernel: 57s
max time network: 73s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 15-04-2022 03:58
Static task: static1

Behavioral task: behavioral1
Sample: cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe.dll
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures
0 seconds
General
Target: cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe.dll
Size: 22KB
MD5: c3a248919daa785e7ead0f9c36a58e3a
SHA1: 8d2ee477031c13dd6855153b68853a8a5aa99dce
SHA256: cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe
SHA512: d68daa0efacbd122ad1b759821af6cdd80082b6b18ffcf4281d3de3545bf36b868ef6a4ea47d6629334519d7bf6b5ac6e2a07f442f3d8696982b0b21c6c06307
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes: WerFault.exe
pid   pid_target  process       target process
3884  2436        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                       pid   process       target process
PID 3468 wrote to memory of 2436  3468  rundll32.exe  rundll32.exe
PID 3468 wrote to memory of 2436  3468  rundll32.exe  rundll32.exe
PID 3468 wrote to memory of 2436  3468  rundll32.exe  rundll32.exe
Processes

[1] C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe.dll,#1
    - Suspicious use of WriteProcessMemory
  [2] C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe.dll,#1
    [3] C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 584
        - Program crash
[1] C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2436 -ip 2436