Analysis
max time kernel: 44s
max time network: 49s
platform: windows7_x64
resource: win7-20220414-en
submitted: 25-06-2022 08:44
Static task
static1
Behavioral task
behavioral1
Sample
48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: 48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll
Size: 204KB
MD5: be475a8c93f33d7d32eaa933d0e53720
SHA1: e23a4446de5d56afe5234218827e07faf28746bb
SHA256: 48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8
SHA512: dcec75fbc8d4c42c26c6a562f0573d24dedc247bda228072cdf65b2d421adfeb08a0584d3866495f7785ad8930996037a2c44903d7021436ebb80ff9f4016951
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
1912 | 1156 | WerFault.exe | rundll32.exe
Suspicious use of WriteProcessMemory 11 IoCs
Processes: rundll32.exe, rundll32.exe
description | pid | process | target process
PID 1488 wrote to memory of 1156 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 1156 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 1156 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 1156 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 1156 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 1156 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 1156 | 1488 | rundll32.exe | rundll32.exe
PID 1156 wrote to memory of 1912 | 1156 | rundll32.exe | WerFault.exe
PID 1156 wrote to memory of 1912 | 1156 | rundll32.exe | WerFault.exe
PID 1156 wrote to memory of 1912 | 1156 | rundll32.exe | WerFault.exe
PID 1156 wrote to memory of 1912 | 1156 | rundll32.exe | WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll,#12⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 2323⤵
- Program crash