Analysis
max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220715-en
resource tags
arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
submitted
23/07/2022, 03:49
Behavioral task
behavioral1
Sample
1056-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win7-20220715-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1056-54-0x0000000180000000-0x0000000180009000-memory.dll
Resource
win10v2004-20220721-en
1 signatures
150 seconds
General
Target
1056-54-0x0000000180000000-0x0000000180009000-memory.dll
Size
36KB
MD5
935fa233c40f91bd560d5353c9e9a7db
SHA1
5f6dc9433f5b2a8ef6d785e08060a4aad7e11750
SHA256
2337e0e73827d41d1e6a36c7fe1797eb5833c9265a4aaaab3fd46469eb13f839
SHA512
4142c3ed798e5fd36a190028a7a84af57fe3b6fc80dfd5024bb82e53869ddbcdc5976eeffdc99d02414bdee55f94c53197c1de104a9bfd1715eff320429096e4
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process | procid_target
308 | 1420 | WerFault.exe | 26
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1420 wrote to memory of 308 | 1420 | rundll32.exe | 27
PID 1420 wrote to memory of 308 | 1420 | rundll32.exe | 27
PID 1420 wrote to memory of 308 | 1420 | rundll32.exe | 27
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1056-54-0x0000000180000000-0x0000000180009000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1420
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1420 -s 562⤵
- Program crash
PID:308