Analysis
- max time kernel: 40s
- max time network: 43s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 10/07/2022, 08:29
Static task: static1
Behavioral task: behavioral1
- Sample: 884-54-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 884-54-0x0000000180000000-0x0000000180009000-memory.dll
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: 884-54-0x0000000180000000-0x0000000180009000-memory.dll
- Size: 36KB
- MD5: a8c61e5e2fe000d5c50cebc9b456784c
- SHA1: d678ba1fe70741ae6c29b02dcdb2cde4c2451497
- SHA256: ebc36f782e5acf678a4910a8166e142cfe1f5450a36facd3b7ff0c7e33e7e45c
- SHA512: 387b5986e2c69fd6d47d9b956b7eb74d696c5636ea1529f57e2b6a6333cd3113b68807eda839421ad1961568a28ca9631f251f4771043327872d2421d9c8902b
Score: 3/10
Malware Config
Signatures
- Program crash: 1 IoCs
  pid   pid_target  Process       procid_target
  1944  1172        WerFault.exe  26
- Suspicious use of WriteProcessMemory: 3 IoCs
  description                       pid   Process       procid_target
  PID 1172 wrote to memory of 1944  1172  rundll32.exe  27
  PID 1172 wrote to memory of 1944  1172  rundll32.exe  27
  PID 1172 wrote to memory of 1944  1172  rundll32.exe  27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\884-54-0x0000000180000000-0x0000000180009000-memory.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1172
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1172 -s 562⤵
  - Program crash
  PID:1944