Analysis

max time kernel: 91s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/11/2022, 11:04
Static task: static1

Behavioral task: behavioral1
  Sample: b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981.dll
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981.dll
  Resource: win10v2004-20220901-en
General

Target: b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981.dll
Size: 772KB
MD5: 0687d7f1373c2034b6c1bfb9be0e39a0
SHA1: 23c72c95325609a18c15236bbdaf0eccdfa5a3d2
SHA256: b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981
SHA512: edb4bd1fec0bf718e600ac4ff76527435622c0b35c440a184a8b75030be9e0ad09f8ebdec3e8d17ef209b750c8b8b8effa2bc0c6478b41fcf61f92d4b444af27
SSDEEP: 12288:CX2TZnynE03rJ54VHl0eitSnZBx0YYJnJopQ4XnM3Xn:CX2T9mrCkAXrAWuTX
Malware Config
Signatures

Program crash (2 IoCs)

  pid   pid_target  Process       procid_target
  1164  3532        WerFault.exe  81
  520   3532        WerFault.exe  81

Suspicious use of WriteProcessMemory (3 IoCs)

  description                       pid   Process       procid_target
  PID 1508 wrote to memory of 3532  1508  rundll32.exe  81
  PID 1508 wrote to memory of 3532  1508  rundll32.exe  81
  PID 1508 wrote to memory of 3532  1508  rundll32.exe  81
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981.dll,#1
  PID: 1508
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981.dll,#1
    PID: 3532

    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 600
      PID: 1164
      - Program crash

    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 608
      PID: 520
      - Program crash

C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3532 -ip 3532
  PID: 4976

C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3532 -ip 3532
  PID: 2976
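Reading the tree above: the 64-bit rundll32.exe (PID 1508) re-launched the 32-bit C:\Windows\SysWOW64\rundll32.exe (PID 3532) with the same command line, which is the normal WOW64 hand-off when rundll32 is given a 32-bit DLL, and the parent's WriteProcessMemory into that child is part of process start-up rather than injection on its own. What is worth flagging is the combination: a DLL under a user profile path invoked by ordinal (,#1), followed by WerFault reporting on the loader (every WerFault instance names -p 3532). The following script is an added triage example, not part of the sandbox's own tooling; its EVENTS list is constructed from the process records in this report (ppid is None where the tree shows no parent), and the regexes and thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict

SAMPLE_DLL = r"C:\Users\Admin\AppData\Local\Temp\b12ff14738b33de653e8c0144230fb320353c56843009a027c10c049555e5981.dll"

# Process-creation records transcribed from the process tree in this report.
# Constructed sample input: ppid is None where the tree shows no parent process.
EVENTS = [
    {"pid": 1508, "ppid": None, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"pid": 3532, "ppid": 1508, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"pid": 1164, "ppid": 3532, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 600"},
    {"pid": 520, "ppid": 3532, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 608"},
    {"pid": 4976, "ppid": None, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3532 -ip 3532"},
    {"pid": 2976, "ppid": None, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3532 -ip 3532"},
]

# "rundll32.exe <dll>,#<n>": export invoked by ordinal rather than by name (assumed pattern)
ORDINAL_RE = re.compile(r"^rundll32\.exe\s+(?P<dll>.+?),#(?P<ordinal>\d+)\s*$", re.I)
# DLL located under a user profile rather than a system directory (assumed heuristic)
USER_PATH_RE = re.compile(r"^[A-Z]:\\Users\\", re.I)
# WerFault's "-p <pid>" names the process being reported on; "-pss"/"-ip" must not match
WERFAULT_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def ordinal_loads_from_user_paths(events):
    """PIDs of rundll32 instances invoking an ordinal export of a DLL under a user profile."""
    hits = []
    for ev in events:
        if basename(ev["image"]) != "rundll32.exe":
            continue
        m = ORDINAL_RE.match(ev["cmdline"])
        if m and USER_PATH_RE.match(m.group("dll")):
            hits.append(ev["pid"])
    return hits


def wow64_handoffs(events):
    """(parent, child) pairs where system32\\rundll32 re-launched SysWOW64\\rundll32 for the same DLL.

    This is the expected WOW64 path for a 32-bit DLL; the parent's WriteProcessMemory into the
    child during start-up is not, by itself, evidence of injection."""
    by_pid = {ev["pid"]: ev for ev in events}
    pairs = []
    for ev in events:
        parent = by_pid.get(ev["ppid"])
        if parent is None:
            continue
        if ("\\syswow64\\rundll32.exe" in ev["image"].lower()
                and "\\system32\\rundll32.exe" in parent["image"].lower()
                and ev["cmdline"].lower() == parent["cmdline"].lower()):
            pairs.append((parent["pid"], ev["pid"]))
    return pairs


def crash_reports(events):
    """Map crashed PID -> PIDs of the WerFault instances reporting on it (in event order)."""
    reports = defaultdict(list)
    for ev in events:
        if basename(ev["image"]) != "werfault.exe":
            continue
        m = WERFAULT_PID_RE.search(ev["cmdline"])
        if m:
            reports[int(m.group(1))].append(ev["pid"])
    return dict(reports)


def triage(events):
    """Summarise: suspicious rundll32 loads, WOW64 hand-offs, and which loaders crashed."""
    loads = ordinal_loads_from_user_paths(events)
    crashes = crash_reports(events)
    return {
        "ordinal_loads": loads,
        "wow64_handoffs": wow64_handoffs(events),
        "crashed_loaders": sorted(pid for pid in loads if pid in crashes),
        "crash_reports": crashes,
    }


if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(f"{key}: {value}")
```

On this report the script reports both rundll32 PIDs as ordinal loads from a user path, one WOW64 hand-off (1508 to 3532), and PID 3532 as the crashed loader with four WerFault reporters; the same functions can be run over Sysmon Event ID 1 records from a live host if the fields are mapped to pid/ppid/image/cmdline.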