Analysis
-
max time kernel
44s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
10/07/2022, 07:19
Static task
static1
Behavioral task
behavioral1
Sample
1756-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1756-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
-
Target
1756-54-0x0000000180000000-0x0000000180009000-memory.dll
-
Size
36KB
-
MD5
c2bab9b7a0d85653416316f55c82541b
-
SHA1
939e617421037a58870e52d29bf38e292105e3ff
-
SHA256
46f32ba015b5ae66e8e0e69e5b7a965cdb5999a7406bd844743caa7f124054b1
-
SHA512
c80ae7e662d54c570eda87293a9d1e0e3eb632e059d08673188d52c08b80177051b197b3a0d6d303ad61c35acd9909d06d23d9abf263db6da7e16b79d7fca01a
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1464 1336 WerFault.exe 26 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1336 wrote to memory of 1464 1336 rundll32.exe 27 PID 1336 wrote to memory of 1464 1336 rundll32.exe 27 PID 1336 wrote to memory of 1464 1336 rundll32.exe 27
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1756-54-0x0000000180000000-0x0000000180009000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1336 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1336 -s 562⤵
- Program crash
PID:1464
-