Analysis
max time kernel: 43s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 25-06-2022 08:37
Static task
static1
Behavioral task
behavioral1
Sample: 95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample: 95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll
Resource: win10v2004-20220414-en, windows10-2004_x64
0 signatures
0 seconds
General
Target: 95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll
Size: 204KB
MD5: 8af8b5f1495851b8c52fa4735ac98c26
SHA1: 190d879ad5562f71f8e813f22265a98c68f10cd7
SHA256: 95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08
SHA512: 6f1cd68047499e98c9fc92e025a6b93ac6c6568e15635c60bafedb9af2fff9cb3e9938caff37fbfdb176fa4479954d855d693708747224f6fb33bff12ee940b4
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
1648 | 1928 | WerFault.exe | rundll32.exe
Suspicious use of WriteProcessMemory 11 IoCs
Processes: rundll32.exe, rundll32.exe
description | pid | process | target process
PID 1856 wrote to memory of 1928 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 1928 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 1928 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 1928 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 1928 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 1928 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 1928 | 1856 | rundll32.exe | rundll32.exe
PID 1928 wrote to memory of 1648 | 1928 | rundll32.exe | WerFault.exe
PID 1928 wrote to memory of 1648 | 1928 | rundll32.exe | WerFault.exe
PID 1928 wrote to memory of 1648 | 1928 | rundll32.exe | WerFault.exe
PID 1928 wrote to memory of 1648 | 1928 | rundll32.exe | WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 232
      - Program crash