Analysis
- max time kernel: 38s
- max time network: 41s
- platform: windows7_x64
- resource: win7-20220715-en
- resource tags: arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
- submitted: 03-08-2022 10:59
Behavioral task
behavioral1
Sample
1660-57-0x0000000010000000-0x000000001000E000-memory.dll
Resource
win7-20220715-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1660-57-0x0000000010000000-0x000000001000E000-memory.dll
Resource
win10v2004-20220721-en
2 signatures
150 seconds
General
- Target: 1660-57-0x0000000010000000-0x000000001000E000-memory.dll
- Size: 56KB
- MD5: 0fa97ef07f6aaee8156e4adc2d7b2fbf
- SHA1: e3e7ad0fecd8bf8d89bc5076edf4f64d889d4a6c
- SHA256: c6dc63cef61f9af4d1f553422632823d1004796b366320eb38d2ad1c470e190c
- SHA512: c375326be9829380e0c6ea56105377639d0f07bab64c3d118a11653802b0532dcf46596d3f1147d0b62d2ea151ab5379f88b4e4e77f250afffb5f603e66ad785
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid    pid_target    process         target process
  1892   1752          WerFault.exe    rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes: rundll32.exe, rundll32.exe
  description                          pid    process         target process
  PID 1612 wrote to memory of 1752     1612   rundll32.exe    rundll32.exe
  PID 1612 wrote to memory of 1752     1612   rundll32.exe    rundll32.exe
  PID 1612 wrote to memory of 1752     1612   rundll32.exe    rundll32.exe
  PID 1612 wrote to memory of 1752     1612   rundll32.exe    rundll32.exe
  PID 1612 wrote to memory of 1752     1612   rundll32.exe    rundll32.exe
  PID 1612 wrote to memory of 1752     1612   rundll32.exe    rundll32.exe
  PID 1612 wrote to memory of 1752     1612   rundll32.exe    rundll32.exe
  PID 1752 wrote to memory of 1892     1752   rundll32.exe    WerFault.exe
  PID 1752 wrote to memory of 1892     1752   rundll32.exe    WerFault.exe
  PID 1752 wrote to memory of 1892     1752   rundll32.exe    WerFault.exe
  PID 1752 wrote to memory of 1892     1752   rundll32.exe    WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1660-57-0x0000000010000000-0x000000001000E000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1612
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1660-57-0x0000000010000000-0x000000001000E000-memory.dll,#1
    - Suspicious use of WriteProcessMemory
    PID:1752
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 196
      - Program crash
      PID:1892