Analysis

max time kernel: 44s
max time network: 48s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 20-11-2022 01:05
Behavioral task: behavioral1
Sample: 1580-61-0x0000000000A90000-0x0000000000ABA000-memory.dll
Resource: win7-20220901-en (windows7-x64)
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 1580-61-0x0000000000A90000-0x0000000000ABA000-memory.dll
Resource: win10v2004-20220812-en (windows10-2004-x64)
2 signatures
150 seconds
General

Target: 1580-61-0x0000000000A90000-0x0000000000ABA000-memory.dll
Size: 168KB
MD5: 1e8169b300f4e03f730eb72d8a9c0b8e
SHA1: d842e8e219c9b292b1e391e3e6e3021cd70ce157
SHA256: 42faeb96a7166b31b96eab92cafdd9a6d3882d905d084cafb69cdd228b604a82
SHA512: 271ce13e047b8aaf94e9f97bc6558c70157c3090e7c50f06fa38f320c01599af0ce603f298cf49e795cfebb2a42ce4e91aa7eddf04c092ad99d1dbad50d0d2b4
SSDEEP: 3072:m4kbNZ6nu7mabGqf66ytyRA+JJnVtITBfJeva83q7O/ya3:yqni/qqi6y0a+JBVtITBBN83qK/v
Score: 3/10
Malware Config

Signatures

Program crash (1 IoC)
Processes:
pid | pid_target | process | target process
2020 | 2044 | WerFault.exe | rundll32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
Processes:
description | pid | process | target process
PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
PID 2044 wrote to memory of 2020 | 2044 | rundll32.exe | WerFault.exe
PID 2044 wrote to memory of 2020 | 2044 | rundll32.exe | WerFault.exe
PID 2044 wrote to memory of 2020 | 2044 | rundll32.exe | WerFault.exe
PID 2044 wrote to memory of 2020 | 2044 | rundll32.exe | WerFault.exe
Processes

1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1580-61-0x0000000000A90000-0x0000000000ABA000-memory.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1580-61-0x0000000000A90000-0x0000000000ABA000-memory.dll,#1
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\WerFault.exe
         command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 196
         - Program crash