Analysis
- max time kernel: 41s
- max time network: 47s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 01-07-2022 14:24
Static task: static1

Behavioral task: behavioral1
- Sample: 3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: 3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll
- Resource: win10v2004-20220414-en
- Platform: windows10-2004_x64
- 0 signatures, 0 seconds
General
- Target: 3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll
- Size: 206KB
- MD5: 47e80349b40b21f381458fa84c82cb83
- SHA1: d401ad0be19247cef815444621c6c5db5ecea216
- SHA256: 3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805
- SHA512: 3b01fe5353ef94ff7961589d31de9fe5b38dc38bb289464dc54fbde56966f7b59d26af4340930dea8cdd438f793e4340422f3acfadf9bf586a4d2af60b8715ce
- Score: 3/10
Malware Config

Signatures
- Program crash (1 IoC)
  Processes:
  pid  | pid_target | process      | target process
  1944 | 1728       | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes:
  description                       | pid  | process      | target process
  PID 1864 wrote to memory of 1728  | 1864 | rundll32.exe | rundll32.exe   (7 entries)
  PID 1728 wrote to memory of 1944  | 1728 | rundll32.exe | WerFault.exe   (4 entries)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 244
      - Program crash