Analysis
-
max time kernel
38s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
19-04-2022 03:48
Static task
static1
Behavioral task
behavioral1
Sample
8f6c709b9940e39dde52dc9c617642b1a7ec037d537ec2c1d993734c05af0896.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
8f6c709b9940e39dde52dc9c617642b1a7ec037d537ec2c1d993734c05af0896.dll
Resource
win10v2004-20220310-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
8f6c709b9940e39dde52dc9c617642b1a7ec037d537ec2c1d993734c05af0896.dll
-
Size
968KB
-
MD5
6096270feff34baff71c624efc483c60
-
SHA1
ce8af71382c285eae8226c2faf8de8279d2b6126
-
SHA256
8f6c709b9940e39dde52dc9c617642b1a7ec037d537ec2c1d993734c05af0896
-
SHA512
0dd8dd025696307db394d3303cb8e8e96137e92b4e39ae2d70e385271202cc319cb8a32c2e997513358b64d39ce25e8a0a8b6c9c0c8e8e05a46df12bf67ff736
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target   process        target process
860   1364         WerFault.exe   rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                       pid    process        target process
PID 1364 wrote to memory of 860   1364   rundll32.exe   WerFault.exe
PID 1364 wrote to memory of 860   1364   rundll32.exe   WerFault.exe
PID 1364 wrote to memory of 860   1364   rundll32.exe   WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f6c709b9940e39dde52dc9c617642b1a7ec037d537ec2c1d993734c05af0896.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1364 -
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1364 -s 562⤵
- Program crash
PID:860
-