Analysis
max time kernel: 38s
max time network: 41s
platform: windows7_x64
resource: win7-20220414-en
submitted: 03-07-2022 08:48
Static task: static1
Behavioral task: behavioral1
Sample: 3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1.dll
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1.dll
Resource: win10v2004-20220414-en, windows10-2004_x64
0 signatures
0 seconds
General
Target: 3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1.dll
Size: 199KB
MD5: 4fe2b62d9b3ea999aef94d5cfc8158f1
SHA1: eaa0e61560812a432287667e81eeb8070edfc830
SHA256: 3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1
SHA512: 47b1ddc2593100fbf5a039fb1a9337921cf4278eef0141af4071cd52bb2ae7da4212420d625a8a366b0e36aa0483ee8f95cf4af01fe4d66e01d69b1dbbdcc193
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process         target process
240    1388          WerFault.exe    rundll32.exe
Suspicious use of WriteProcessMemory (11 IoCs)
Processes: rundll32.exe, rundll32.exe
description                         pid     process         target process
PID 1400 wrote to memory of 1388    1400    rundll32.exe    rundll32.exe
PID 1400 wrote to memory of 1388    1400    rundll32.exe    rundll32.exe
PID 1400 wrote to memory of 1388    1400    rundll32.exe    rundll32.exe
PID 1400 wrote to memory of 1388    1400    rundll32.exe    rundll32.exe
PID 1400 wrote to memory of 1388    1400    rundll32.exe    rundll32.exe
PID 1400 wrote to memory of 1388    1400    rundll32.exe    rundll32.exe
PID 1400 wrote to memory of 1388    1400    rundll32.exe    rundll32.exe
PID 1388 wrote to memory of 240     1388    rundll32.exe    WerFault.exe
PID 1388 wrote to memory of 240     1388    rundll32.exe    WerFault.exe
PID 1388 wrote to memory of 240     1388    rundll32.exe    WerFault.exe
PID 1388 wrote to memory of 240     1388    rundll32.exe    WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1.dll,#1
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 244
    - Program crash