Analysis
max time kernel: 149s
max time network: 170s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/10/2022, 00:55
Behavioral task: behavioral1
Sample: 76dc0a7029440af970f53079c3175e54c5054927d7c65de8171c3e60969c1dac.dll
Resource: win7-20220812-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 76dc0a7029440af970f53079c3175e54c5054927d7c65de8171c3e60969c1dac.dll
Resource: win10v2004-20220812-en
2 signatures
150 seconds
General
Target: 76dc0a7029440af970f53079c3175e54c5054927d7c65de8171c3e60969c1dac.dll
Size: 880KB
MD5: a15b02c869071cb208f66be111567c91
SHA1: a47a257445afb4f2e8b4b0ac5cc8aab251520f0e
SHA256: 76dc0a7029440af970f53079c3175e54c5054927d7c65de8171c3e60969c1dac
SHA512: 66a4a98712f0637271ef97e9c4e7a040eceea4af9dc0e92d0d408136871177155e74315d95d7f632a83cf6d2010d58792ea3da9f12f8dd82849245b879ba6d59
SSDEEP: 24576:5CqciCbhCIHY7ijH2CWDpKZA/gEJLuht4aL0j2j4H:vCkIY7ijWCWDpV/BLuEI0jtH
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid: 4524, pid_target: 2420, Process: WerFault.exe, procid_target: 82
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1408 wrote to memory of 2420, pid: 1408, Process: rundll32.exe, procid_target: 82
  description: PID 1408 wrote to memory of 2420, pid: 1408, Process: rundll32.exe, procid_target: 82
  description: PID 1408 wrote to memory of 2420, pid: 1408, Process: rundll32.exe, procid_target: 82
Processes
C:\Windows\system32\rundll32.exe (PID:1408)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\76dc0a7029440af970f53079c3175e54c5054927d7c65de8171c3e60969c1dac.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID:2420)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\76dc0a7029440af970f53079c3175e54c5054927d7c65de8171c3e60969c1dac.dll,#1
    C:\Windows\SysWOW64\WerFault.exe (PID:4524)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 696
      - Program crash
C:\Windows\SysWOW64\WerFault.exe (PID:5016)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2420 -ip 2420