Analysis
max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
09/07/2022, 05:30
Behavioral task
behavioral1
Sample
324-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
324-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
Target
324-54-0x0000000180000000-0x0000000180009000-memory.dll
Size
36KB
MD5
f8af7b3764f00e6de8e9769b5653de4f
SHA1
9484ecf5ee9e37d351a52b4e358dec6d787e53af
SHA256
8fd2b42b6556a2712942a2f1edc0909c31f40b610d5371706789255fb719236e
SHA512
fc54b284754b715253b4bd0178a3c9620af2af915afa514dfa612be3327b48640df76ff6fd427e07b8a5c1652def5f46184b7147c4c879d8a8d0f80a1a88a049
Score
3/10
Malware Config
Signatures
Program crash
1 IoCs
pid   pid_target  Process       procid_target
1668  1452        WerFault.exe  19
Suspicious use of WriteProcessMemory
3 IoCs
description                       pid   Process       procid_target
PID 1452 wrote to memory of 1668  1452  rundll32.exe  28
PID 1452 wrote to memory of 1668  1452  rundll32.exe  28
PID 1452 wrote to memory of 1668  1452  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\324-54-0x0000000180000000-0x0000000180009000-memory.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:1452
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1452 -s 562⤵
Program crash
PID:1668