Analysis
max time kernel: 91s
max time network: 169s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/10/2022, 04:24
Static task
static1
Behavioral task
behavioral1
Sample
ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992.dll
Resource
win10v2004-20220812-en
General
-
Target
ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992.dll
-
Size
56KB
-
MD5
a325784ff5d7d36ed2af2169f1ece860
-
SHA1
28f4a5910fb121aa7e307537b812de7ce7940007
-
SHA256
ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992
-
SHA512
c1e0e64d1199c913fb61210dd3d5c8a21df4654d43b8e1f54c7f71757836efdf1fcdf6e9cf1be5ff233452816d357bf7d944cb7d6047246343c40704d39072d3
-
SSDEEP
768:qins3oNcxnpEDMkRhmc7h48714xjB1TEjdG7RofmjzHcCs/o1:tR6xn0B9O7TEjdGRofmjzcC9
Malware Config
Signatures
-
Program crash 1 IoCs

| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 3440 | 3776 | WerFault.exe | 79 |

Suspicious use of WriteProcessMemory 3 IoCs

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 5040 wrote to memory of 3776 | 5040 | rundll32.exe | 79 |
| PID 5040 wrote to memory of 3776 | 5040 | rundll32.exe | 79 |
| PID 5040 wrote to memory of 3776 | 5040 | rundll32.exe | 79 |
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992.dll,#1
  PID: 5040
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca70035b05f00531bcfc324cf247c6961785e69755792814a3f151ab2cc04992.dll,#1
    PID: 3776
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 572
      PID: 3440
      Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3776 -ip 3776
  PID: 2380