Analysis
max time kernel: 44s
max time network: 47s
platform: windows7_x64
resource: win7-20220414-en
submitted: 26-06-2022 23:01
Static task
static1

Behavioral task
behavioral1
Sample: 35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db.dll
Resource: win7-20220414-en
Platform: windows7_x64
0 signatures
0 seconds

Behavioral task
behavioral2
Sample: 35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db.dll
Resource: win10v2004-20220414-en
Platform: windows10-2004_x64
0 signatures
0 seconds
General
Target: 35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db.dll
Size: 204KB
MD5: 4a79e1626ce14d7ae5f5b7965c872103
SHA1: 350cfa0b6f502672cb5e15ce10e17bc17632e749
SHA256: 35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db
SHA512: d64477e547e7a522894997bcfff2b205b40da4d2740a166f07b3a1e6fcfc6dcfaab8569221e4b271ad23d6756e461363e55cb11fab4cb510cbae6e92a1ad06aa
Score: 3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes: WerFault.exe
pid    pid_target  process       target process
1724   1652        WerFault.exe  rundll32.exe
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes: rundll32.exe, rundll32.exe
description                       pid   process       target process
PID 1068 wrote to memory of 1652  1068  rundll32.exe  rundll32.exe
PID 1068 wrote to memory of 1652  1068  rundll32.exe  rundll32.exe
PID 1068 wrote to memory of 1652  1068  rundll32.exe  rundll32.exe
PID 1068 wrote to memory of 1652  1068  rundll32.exe  rundll32.exe
PID 1068 wrote to memory of 1652  1068  rundll32.exe  rundll32.exe
PID 1068 wrote to memory of 1652  1068  rundll32.exe  rundll32.exe
PID 1068 wrote to memory of 1652  1068  rundll32.exe  rundll32.exe
PID 1652 wrote to memory of 1724  1652  rundll32.exe  WerFault.exe
PID 1652 wrote to memory of 1724  1652  rundll32.exe  WerFault.exe
PID 1652 wrote to memory of 1724  1652  rundll32.exe  WerFault.exe
PID 1652 wrote to memory of 1724  1652  rundll32.exe  WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35cd8737cebb9f72db999a49b260c5d9188615b31302d8e7d01b4f37ba4609db.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 2323⤵
- Program crash