Analysis
- max time kernel: 106s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-10-2022 17:45
Behavioral task
behavioral1
Sample
396dba113699f4a82bb56d563ba5edb8.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
396dba113699f4a82bb56d563ba5edb8.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
396dba113699f4a82bb56d563ba5edb8.dll
-
Size
2.7MB
-
MD5
396dba113699f4a82bb56d563ba5edb8
-
SHA1
9afc7244e562f94308cb9daa15e28fa78265cf60
-
SHA256
1989a8569e42e684b1799ef3035f938b83c2f64d64718fe47ba540562cd0b3bb
-
SHA512
3ce5147451521367cca04c0c748d3f3f643e2f9a7ddf846f8d4122b50ce87abe8a7d634d4c3cfa3cb38a372caf7778cd01fddc630fa01661a9b19a5420419bdc
-
SSDEEP
49152:Jzl1rpbUrqvv0v2rQVt8nqwI7lOOYcp2ek:P1Kqvv07noI7lOOYc7
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2844  2508        WerFault.exe  84
-
Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process       procid_target
PID 1564 wrote to memory of 2508  1564  rundll32.exe  84
PID 1564 wrote to memory of 2508  1564  rundll32.exe  84
PID 1564 wrote to memory of 2508  1564  rundll32.exe  84
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\396dba113699f4a82bb56d563ba5edb8.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1564
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\396dba113699f4a82bb56d563ba5edb8.dll,#1
    PID:2508
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 560
      - Program crash
      PID:2844
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2508 -ip 2508
  PID:3896