Analysis
-
max time kernel
42s -
max time network
43s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20-06-2022 06:09
Static task
static1
Behavioral task
behavioral1
Sample
94f7bc1e910866c5ed1b06242e82c8d5379d143123ff255b87fc78db98c49ae2.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
94f7bc1e910866c5ed1b06242e82c8d5379d143123ff255b87fc78db98c49ae2.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
94f7bc1e910866c5ed1b06242e82c8d5379d143123ff255b87fc78db98c49ae2.dll
-
Size
1.1MB
-
MD5
b3351695a7cd6c72a5b17ebb8c2c5e54
-
SHA1
8e96e89113601ac2ebf022b72a2aa6e2c2eb992a
-
SHA256
94f7bc1e910866c5ed1b06242e82c8d5379d143123ff255b87fc78db98c49ae2
-
SHA512
e69594d106ee37c629f6f4559a2caa4b689440f17a73a635aa6ba20de921926e63a4fea249239dcbcf895bd66cb004d9840f98c018854bd8159d117720c9380d
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 912 1056 WerFault.exe 26 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1056 wrote to memory of 912 1056 rundll32.exe 27 PID 1056 wrote to memory of 912 1056 rundll32.exe 27 PID 1056 wrote to memory of 912 1056 rundll32.exe 27
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\94f7bc1e910866c5ed1b06242e82c8d5379d143123ff255b87fc78db98c49ae2.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1056 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1056 -s 562⤵
- Program crash
PID:912
-