Analysis
- max time kernel: 25s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 26-06-2022 01:58
Static task: static1
Behavioral task: behavioral1
- Sample: 369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: 369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll
- Size: 204KB
- MD5: 84941c1f1af56d701ca737fc9e5c4ac6
- SHA1: aecb69223c68240bebca497c8d8b6edd32123695
- SHA256: 369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8
- SHA512: 85a180670f18dba30b701438233ab7a962e5454e332fa16b3d422a9a82f9e77233de268cee37575ef20a7bba8482fa97cb8843cf9e60ffad247b6a54eb31e8a3
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1344 | 1004 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
Processes: rundll32.exe, rundll32.exe
description | pid | process | target process
PID 1692 wrote to memory of 1004 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1004 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1004 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1004 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1004 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1004 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1004 | 1692 | rundll32.exe | rundll32.exe
PID 1004 wrote to memory of 1344 | 1004 | rundll32.exe | WerFault.exe
PID 1004 wrote to memory of 1344 | 1004 | rundll32.exe | WerFault.exe
PID 1004 wrote to memory of 1344 | 1004 | rundll32.exe | WerFault.exe
PID 1004 wrote to memory of 1344 | 1004 | rundll32.exe | WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll,#1
    Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 232
      Program crash