Analysis
- max time kernel: 33s
- max time network: 41s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 01-07-2022 14:17
Static task: static1
Behavioral task: behavioral1
- Sample: add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll
- Resource: win7-20220414-en, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll
- Resource: win10v2004-20220414-en, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll
- Size: 204KB
- MD5: e8c7ab1b9803790b955c6c7c8ea7ec65
- SHA1: 0505f6dd1d54929e735bbe76d2c99694a8d481a6
- SHA256: add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced
- SHA512: 6f61fcad9bd9e71f9e62b4632c93fce4bcac8fe3077677b7a0d614307403874aaf9bc6a005343b091d54aaf4840c34b1dd6d852b2e5d70a64531f7cad6657232
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1664 | 2024 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
Processes: rundll32.exe, rundll32.exe
description | pid | process | target process
PID 1280 wrote to memory of 2024 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 2024 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 2024 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 2024 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 2024 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 2024 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 2024 | 1280 | rundll32.exe | rundll32.exe
PID 2024 wrote to memory of 1664 | 2024 | rundll32.exe | WerFault.exe
PID 2024 wrote to memory of 1664 | 2024 | rundll32.exe | WerFault.exe
PID 2024 wrote to memory of 1664 | 2024 | rundll32.exe | WerFault.exe
PID 2024 wrote to memory of 1664 | 2024 | rundll32.exe | WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 232
      - Program crash