Analysis
- max time kernel: 115s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
- submitted: 23-11-2022 11:46
Behavioral task: behavioral1
- Sample: e18cc6d5fa5ae439e38f9aa5a8e414e434fa9a0199ecc781df3662a3764268da.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: e18cc6d5fa5ae439e38f9aa5a8e414e434fa9a0199ecc781df3662a3764268da.dll
- Resource: win10v2004-20220812-en
General
- Target: e18cc6d5fa5ae439e38f9aa5a8e414e434fa9a0199ecc781df3662a3764268da.dll
- Size: 48KB
- MD5: 9463be1c944b5ca3fa2ebc3a772d1981
- SHA1: 07f1e2bbb3c782e0428ff4f432a097a29c9f856e
- SHA256: e18cc6d5fa5ae439e38f9aa5a8e414e434fa9a0199ecc781df3662a3764268da
- SHA512: f9740f972bfbc50d2c336940d0b96662f74a07c95211a3ce20206a85b77f242a58b1363dcf5868c6e7e059024dae62c680de72f59bbdd288f850ed56260709b4
- SSDEEP: 768:TplJFsLFGVz7WBruWvaEbNQUZWf05ByD7MTh77knLYZTaSw7AT0rC5Dy:VlCworHJNhFB+IX0LIa77AwrC5Dy
Malware Config
Signatures
- Processes:
  resource                                                                      yara_rule
  behavioral2/memory/4624-133-0x0000000010000000-0x0000000010016000-memory.dmp  vmprotect
  behavioral2/memory/4624-134-0x0000000010000000-0x0000000010016000-memory.dmp  vmprotect
- Program crash 1 IoCs
  Processes: WerFault.exe
  pid   pid_target  process       target process
  1204  4624        WerFault.exe  rundll32.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  Processes: rundll32.exe
  description                       pid   process       target process
  PID 4584 wrote to memory of 4624  4584  rundll32.exe  rundll32.exe
  PID 4584 wrote to memory of 4624  4584  rundll32.exe  rundll32.exe
  PID 4584 wrote to memory of 4624  4584  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e18cc6d5fa5ae439e38f9aa5a8e414e434fa9a0199ecc781df3662a3764268da.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e18cc6d5fa5ae439e38f9aa5a8e414e434fa9a0199ecc781df3662a3764268da.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 604
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4624 -ip 4624