Analysis
max time kernel: 162s
max time network: 169s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 24-05-2022 03:35
Behavioral task: behavioral1
Sample: b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d.dll
Resource: win7-20220414-en
Platform: windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d.dll
Resource: win10v2004-20220414-en
Platform: windows10-2004_x64
0 signatures
0 seconds
General
Target: b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d.dll
Size: 671KB
MD5: 109e2f5c7ce023d6b0eb6b4f049eb547
SHA1: a7a9f41567bff15b0622930da7cbe5d33fb8f2d8
SHA256: b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d
SHA512: 13cb3ed3a6648857e6a1320021e45be33bbdd3119ab6bde1a53d93791ffa8c357f98614f74f4f365144b956d625b828c0aaff7fc9c8fdbb4d2d088aeeca69f52
Score: 8/10
Malware Config
Signatures
-
- Blocklisted process makes network request (7 IoCs)
Processes:
flow  pid   process
5     2136  rundll32.exe
15    2136  rundll32.exe
22    2136  rundll32.exe
30    2136  rundll32.exe
35    2136  rundll32.exe
46    2136  rundll32.exe
48    2136  rundll32.exe
- Program crash (1 IoC)
Processes:
pid   pid_target  process       target process
4652  1216        WerFault.exe  rundll32.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
Processes:
description                      pid   process       target process
PID 548 wrote to memory of 1216  548   rundll32.exe  rundll32.exe
PID 548 wrote to memory of 1216  548   rundll32.exe  rundll32.exe
PID 548 wrote to memory of 1216  548   rundll32.exe  rundll32.exe
PID 1216 wrote to memory of 2136 1216  rundll32.exe  rundll32.exe
PID 1216 wrote to memory of 2136 1216  rundll32.exe  rundll32.exe
PID 1216 wrote to memory of 2136 1216  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d.dll,#1
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      Command line: C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d.dll,f0
      Signatures: Blocklisted process makes network request
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 816
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1216 -ip 1216