Analysis
max time kernel: 86s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-07-2022 02:58
Static task: static1
Behavioral task: behavioral1
  Sample: 59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll
  Resource: win7-20220715-en, windows7-x64
  2 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: 59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll
  Resource: win10v2004-20220721-en, windows10-2004-x64
  2 signatures, 150 seconds
General
Target: 59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll
Size: 57KB
MD5: b7b90e1cc763199c625c330ae1400ca1
SHA1: 3868d3929c95187bc99640da54684b20d75cb384
SHA256: 59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe
SHA512: a3dc2482c3d79a2be9db4373e2d59e8b2bee91d2f7f7dee542f6e13b895b868c62d318061a15f5bafac7720aac11e2bb99f26d44801cc51e057015d7d704a4f8
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 4680, pid_target: 2552, process: WerFault.exe, target process: rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description: PID 2472 wrote to memory of 2552, pid: 2472, process: rundll32.exe, target process: rundll32.exe
  description: PID 2472 wrote to memory of 2552, pid: 2472, process: rundll32.exe, target process: rundll32.exe
  description: PID 2472 wrote to memory of 2552, pid: 2472, process: rundll32.exe, target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 636
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2552 -ip 2552