Analysis
- max time kernel: 142s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20220722-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220722-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-08-2022 13:47
Behavioral task: behavioral1
- Sample: 628bc58.dll
- Resource: win7-20220718-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 628bc58.dll
- Resource: win10v2004-20220722-en
- 3 signatures
- 150 seconds
General
- Target: 628bc58.dll
- Size: 508KB
- MD5: 04ead173ffdf29ace7c7e338d917021f
- SHA1: aa1e2cf23558741994d101333d8030b05f663a1a
- SHA256: 5409ba01037c586c729d8bda05492461ce1c88e565a13c181b7f5cb49bb5902e
- SHA512: 96dd5f7bffb4bb2123d1ab614635e92bbc76805f252a2c26300c8ae68a4e492de87a494fca79a9d596e905c760b9d7d617743a5b50fa5c9c124c5aa9fecc7798
Score
8/10
Malware Config
Signatures
- Blocklisted process makes network request (1 IoCs)
  Processes: rundll32.exe
    flow  pid   process
    12    4468  rundll32.exe
- Program crash (1 IoCs)
  Processes: WerFault.exe
    pid   pid_target  process       target process
    4240  4468        WerFault.exe  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
    description                       pid   process       target process
    PID 3924 wrote to memory of 4468  3924  rundll32.exe  rundll32.exe
    PID 3924 wrote to memory of 4468  3924  rundll32.exe  rundll32.exe
    PID 3924 wrote to memory of 4468  3924  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\628bc58.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 3924
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\628bc58.dll,#1
    - Blocklisted process makes network request
    PID: 4468
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 700
      - Program crash
      PID: 4240
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4468 -ip 4468
  PID: 4716