Analysis
max time kernel: 35s
max time network: 38s
platform: windows7_x64
resource: win7-20220414-en
submitted: 09/07/2022, 07:01
Behavioral task
behavioral1
Sample
1092-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1092-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
Target
1092-54-0x0000000180000000-0x0000000180009000-memory.dll
Size
36KB
MD5
48a5a99abc6231e459303788d38acbb0
SHA1
7a5f8ccc4fbc194af75a6c54c52c05b3f05c9e83
SHA256
6401512ca7c102751a1fa6737ca9770222712c94c8b75fee5f04a1e9f3ca702e
SHA512
53f8fd37cf99bc8418d4126c197a9ea162a3b88cbfb96d85665502ee16ecfd3b3bfcc7b8e0d1bcf1f145a97c7351095c6e896e6681e9d963b879db6a3e05ea8c
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process | procid_target
560 | 240 | WerFault.exe | 26
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 240 wrote to memory of 560 | 240 | rundll32.exe | 27
PID 240 wrote to memory of 560 | 240 | rundll32.exe | 27
PID 240 wrote to memory of 560 | 240 | rundll32.exe | 27
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1092-54-0x0000000180000000-0x0000000180009000-memory.dll,#11
- Suspicious use of WriteProcessMemory
PID:240
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 240 -s 562
- Program crash
PID:560