Analysis
- max time kernel: 44s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 31-05-2022 14:59
Static task
static1
Behavioral task
behavioral1
- Sample: 03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012.dll
- Resource: win7-20220414-en, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task
behavioral2
- Sample: 03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012.dll
- Resource: win10v2004-20220414-en, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012.dll
- Size: 37KB
- MD5: c41e2c2cc5843cedd79162c73787d4de
- SHA1: 3a3530dc465b07b2d862c3fdd37dcec2735d43ae
- SHA256: 03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012
- SHA512: 3bdf1c0e137d68a5552e6be105d6a361f469aebe4513241a5841270e851562d1d229e04510bee02b318ebdf5eb65f7d4627dc15fcfbd2bdd7f3a6f5c885355c0
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 1724; pid_target: 1100; process: WerFault.exe; target process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description: PID 1100 wrote to memory of 1724; pid: 1100; process: rundll32.exe; target process: WerFault.exe
  description: PID 1100 wrote to memory of 1724; pid: 1100; process: rundll32.exe; target process: WerFault.exe
  description: PID 1100 wrote to memory of 1724; pid: 1100; process: rundll32.exe; target process: WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1100
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1100 -s 1682⤵
  - Program crash
  PID:1724