Analysis
  max time kernel:  40s
  max time network: 43s
  platform:         windows7_x64
  resource:         win7-20220812-en
  resource tags:    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  submitted:        27-09-2022 16:20
Behavioral task: behavioral1
  Sample:   SecuriteInfo.com.Malware.Heuristic.1003.23418.15608.dll
  Resource: win7-20220812-en (windows7-x64)
  3 signatures, 150 seconds

Behavioral task: behavioral2
  Sample:   SecuriteInfo.com.Malware.Heuristic.1003.23418.15608.dll
  Resource: win10v2004-20220812-en (windows10-2004-x64)
  3 signatures, 150 seconds
General
  Target: SecuriteInfo.com.Malware.Heuristic.1003.23418.15608.dll
  Size:   382KB
  MD5:    02605d55a641f680a7315dd39f15f3e1
  SHA1:   7345287276dfeac8f2e59150a46d179e23211c4b
  SHA256: 25f6cc801356eda5867985563568479adcef91081357c6ea856cf3cde0429590
  SHA512: bbfff8c8b3578e33983be898846939f3edead325be971bb50d986bb5d98312e14464651dabbdb4efb100ade66807188c08c7b150b66fa59439f8f3354f0dae3b
  SSDEEP: 6144:fdf8gqytoR7bb6DCRnLs8G9jCxM48U7Z3VXtlyk387Ra4bJSDwq0SC0mfRMyH/6B:fdfHt4b6O5Ls8G994R7ZFXPP387Ra4ba
  Score:  8/10
Malware Config

Signatures

  YARA match
  resource                                                                     yara_rule
  behavioral1/memory/1460-58-0x0000000074F70000-0x0000000075058000-memory.dmp  upx

  Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  1472  1460        WerFault.exe  26

  Suspicious use of WriteProcessMemory (11 IoCs)
  description                       pid   Process       procid_target
  PID 1504 wrote to memory of 1460  1504  rundll32.exe  26
  PID 1504 wrote to memory of 1460  1504  rundll32.exe  26
  PID 1504 wrote to memory of 1460  1504  rundll32.exe  26
  PID 1504 wrote to memory of 1460  1504  rundll32.exe  26
  PID 1504 wrote to memory of 1460  1504  rundll32.exe  26
  PID 1504 wrote to memory of 1460  1504  rundll32.exe  26
  PID 1504 wrote to memory of 1460  1504  rundll32.exe  26
  PID 1460 wrote to memory of 1472  1460  rundll32.exe  27
  PID 1460 wrote to memory of 1472  1460  rundll32.exe  27
  PID 1460 wrote to memory of 1472  1460  rundll32.exe  27
  PID 1460 wrote to memory of 1472  1460  rundll32.exe  27
Processes

  1. C:\Windows\system32\rundll32.exe
     Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Malware.Heuristic.1003.23418.15608.dll,#1
     PID: 1504
     Signatures: Suspicious use of WriteProcessMemory

     2. C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Malware.Heuristic.1003.23418.15608.dll,#1
        PID: 1460
        Signatures: Suspicious use of WriteProcessMemory

        3. C:\Windows\SysWOW64\WerFault.exe
           Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 224
           PID: 1472
           Signatures: Program crash