Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220414-en
submitted: 09/07/2022, 07:00
Behavioral task: behavioral1
Sample: 1092-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource: win7-20220414-en
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 1092-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 1092-54-0x0000000180000000-0x0000000180009000-memory.dll
Size: 36KB
MD5: 48a5a99abc6231e459303788d38acbb0
SHA1: 7a5f8ccc4fbc194af75a6c54c52c05b3f05c9e83
SHA256: 6401512ca7c102751a1fa6737ca9770222712c94c8b75fee5f04a1e9f3ca702e
SHA512: 53f8fd37cf99bc8418d4126c197a9ea162a3b88cbfb96d85665502ee16ecfd3b3bfcc7b8e0d1bcf1f145a97c7351095c6e896e6681e9d963b879db6a3e05ea8c
Score: 3/10
Malware Config
Signatures

Program crash: 1 IoCs
pid   pid_target  Process       procid_target
1064  1052        WerFault.exe  27

Suspicious use of WriteProcessMemory: 3 IoCs
description                       pid   Process       procid_target
PID 1052 wrote to memory of 1064  1052  rundll32.exe  28
PID 1052 wrote to memory of 1064  1052  rundll32.exe  28
PID 1052 wrote to memory of 1064  1052  rundll32.exe  28
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1092-54-0x0000000180000000-0x0000000180009000-memory.dll,#11
  PID: 1052
  Suspicious use of WriteProcessMemory

C:\Windows\system32\WerFault.exe
  Command line: C:\Windows\system32\WerFault.exe -u -p 1052 -s 562
  PID: 1064
  Program crash