Analysis
max time kernel: 144s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-08-2022 14:47
Behavioral task: behavioral1
Sample: 1252-57-0x0000000010000000-0x000000001000E000-memory.dll
Resource: win7-20220718-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 1252-57-0x0000000010000000-0x000000001000E000-memory.dll
Resource: win10v2004-20220721-en
2 signatures
150 seconds
General
Target: 1252-57-0x0000000010000000-0x000000001000E000-memory.dll
Size: 56KB
MD5: fc635bc2ed48cec52f254fe66b848cab
SHA1: 3778e2f2d95b055e2833ba2d5e63c24739b8d22b
SHA256: 7d7ae317f3ad0ae27aedde1586456a1a1d295dedb5ede9564ab38515eeca2927
SHA512: b7d431911549bea880e058345066b5583f36197d3cbe0a32cfb734e837babb3a82a23dc56e08ff5a880205b68747e5b30da1248da6259db5848adff24680e8fd
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process         target process
1068   4696          WerFault.exe    rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                         pid    process         target process
PID 4556 wrote to memory of 4696    4556   rundll32.exe    rundll32.exe
PID 4556 wrote to memory of 4696    4556   rundll32.exe    rundll32.exe
PID 4556 wrote to memory of 4696    4556   rundll32.exe    rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1252-57-0x0000000010000000-0x000000001000E000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4556
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1252-57-0x0000000010000000-0x000000001000E000-memory.dll,#1
    PID: 4696
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 564
      - Program crash
      PID: 1068
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4696 -ip 4696
  PID: 4632