Analysis
- max time kernel: 957s
- max time network: 961s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 07-07-2022 11:54
Static task: static1
Behavioral task: behavioral1
- Sample: noname.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures
- 0 seconds
General
- Target: noname.dll
- Size: 38KB
- MD5: 651defc532f0e72be60621696aa97972
- SHA1: 43176a96322202fc8fd8901c213fde820d005871
- SHA256: 6057d87753daee3c71eb8c0d3cb8582ea88d6e56f02864019db9fd7af3fb4a9f
- SHA512: ce847863f83c21489cddb6faebfc6753903ad55235c82768664fbfd01acfeb2745f6a2dda5b6e9ca2e3292c4b020c13d9b1df148211bd6557267ac23e174bc1b
Malware Config
Signatures
- Drops file in System32 directory (1 IoCs)
  Processes: rundll32.exe
  description | ioc | process
  File created | C:\Windows\SysWOW64\dmlconf.dat | rundll32.exe
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  3260 | 1276 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3784 wrote to memory of 1276 | 3784 | rundll32.exe | rundll32.exe
  PID 3784 wrote to memory of 1276 | 3784 | rundll32.exe | rundll32.exe
  PID 3784 wrote to memory of 1276 | 3784 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\noname.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\noname.dll,#1
    - Drops file in System32 directory
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 608
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1276 -ip 1276