Analysis
-
max time kernel
48s -
max time network
51s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
14-07-2022 15:44
Static task
static1
Behavioral task
behavioral1
Sample
4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651.dll
-
Size
188KB
-
MD5
2410d0d7c20597d9b65f237f9c4ce6c9
-
SHA1
cd807d416897d84c8aeeccf92096186ffe62cf58
-
SHA256
4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651
-
SHA512
54b04d63f76c8ad86d1bb65982b10a4cb41b8a840224f93469cb17ba8e157d7c1794e22a84660911a1e033388e28080b606971b059e30ca51a3d54150426b8f8
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1144 604 WerFault.exe 26 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 604 wrote to memory of 1144 604 rundll32.exe 27 PID 604 wrote to memory of 1144 604 rundll32.exe 27 PID 604 wrote to memory of 1144 604 rundll32.exe 27
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:604 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 604 -s 842⤵
- Program crash
PID:1144
-