Analysis
- max time kernel: 151s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-11-2022 17:18
Behavioral task behavioral1
- Sample: 8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58.dll
- Resource: win7-20220812-en
Behavioral task behavioral2
- Sample: 8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58.dll
- Resource: win10v2004-20220812-en
General
- Target: 8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58.dll
- Size: 56KB
- MD5: 53811710d0750ac9f7d87356c6400df0
- SHA1: 4e00098cd85b24cfef7e74cf8a3ae83baac6784e
- SHA256: 8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58
- SHA512: b94fdd8c9a152370a06bf3680ab19b0305e994f3a0719cf8247613b365eb68279f9a2e1b740b02c0d38f1bead254c0295bf83d2953dccae763ff40bf97ad6c0a
- SSDEEP: 768:gWtR8eNLjXcemrEfLhnR5s+qonLVa0zndF0oglk5x+oj9yiD+5oKwAbV:gWP8sL/mexRqgfdiFZoJAnwA
Malware Config
Signatures
Processes:
  resource                                                                     yara_rule
  behavioral2/memory/952-133-0x0000000010000000-0x0000000010016000-memory.dmp  upx

Program crash 1 IoCs
Processes:
  pid   pid_target  process       target process
  1984  952         WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs
Processes:
  description                      pid   process       target process
  PID 3452 wrote to memory of 952  3452  rundll32.exe  rundll32.exe
  PID 3452 wrote to memory of 952  3452  rundll32.exe  rundll32.exe
  PID 3452 wrote to memory of 952  3452  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (PID 3452)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 952)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID 1984)
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 560
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 952 -ip 952
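The three signature tables and the process tree describe one chain of events, and an analyst usually re-derives that chain before deciding whether a sample is worth more time. The following Python pass is an added example, not code from the sandbox or from this report: it rebuilds the tree with the PIDs the tables supply, confirms that the system32 rundll32 (PID 3452) re-launched itself as SysWOW64 rundll32 (PID 952) with the same command line (what a 64-bit rundll32 does when handed a 32-bit DLL), shows that all three WriteProcessMemory IoCs are a parent writing into the child it just created (ordinary process creation, so that signature alone is weak evidence), extracts the crashed PID from the WerFault "-p" argument, and parses the YARA dump name to show the UPX-matched region is at 0x10000000, the default preferred image base of 32-bit DLLs, inside PID 952, i.e. the sample's own mapped image. Every record is constructed by hand from this page; the field names (pid, ppid, image, cmdline) and the assumed layout of the dump-file name are not taken from the sandbox.

```python
"""Turn the signature tables and process tree of this report into structured checks.

Added example; not part of the sandbox report or its tooling. Every record below
is constructed by hand from the tables on this page; the field names and the
dump-file name layout are assumptions.
"""
import re
from collections import Counter

SAMPLE = "8a5abb390d22b197fa463bdfd8aeb3f2af0cee0a8e8a3b6b848af26a5bfd5a58.dll"
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp" + "\\" + SAMPLE
DEFAULT_DLL_BASE_X86 = 0x10000000  # default preferred image base of 32-bit DLLs

# Constructed from the Processes tree; PIDs come from the IoC tables. The PID and
# parent of the second (-pss) WerFault instance are not stated, so they are None.
PROCESSES = [
    {"pid": 3452, "ppid": None, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_PATH},#1"},
    {"pid": 952, "ppid": 3452, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_PATH},#1"},
    {"pid": 1984, "ppid": 952, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 560"},
    {"pid": None, "ppid": None, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 952 -ip 952"},
]
# (writer pid, target pid): one entry per WriteProcessMemory IoC row.
MEMORY_WRITES = [(3452, 952), (3452, 952), (3452, 952)]
# (memory dump resource, matched YARA rule), copied from the signature table.
YARA_HITS = [("behavioral2/memory/952-133-0x0000000010000000-0x0000000010016000-memory.dmp", "upx")]

WERFAULT_PID = re.compile(r"\s-p\s+(\d+)")  # matches "-p 952", not "-pss" or "-ip 952"
DUMP_NAME = re.compile(r"(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.I)


def by_pid(procs):
    return {p["pid"]: p for p in procs if p["pid"] is not None}


def cross_arch_rundll32(procs):
    """(parent, child) PID pairs where a system32 rundll32 re-launched itself as
    SysWOW64 rundll32 with the same command line: the 64-bit host handing a
    32-bit DLL to the 32-bit loader."""
    pids = by_pid(procs)
    hits = []
    for child in procs:
        parent = pids.get(child["ppid"])
        if (parent
                and parent["image"].lower().endswith(r"\system32\rundll32.exe")
                and child["image"].lower().endswith(r"\syswow64\rundll32.exe")
                and parent["cmdline"] == child["cmdline"]):
            hits.append((parent["pid"], child["pid"]))
    return hits


def classify_memory_writes(writes, procs):
    """Count writes per (writer, target) and record whether the target is the
    writer's own child. Parent-to-child writes are part of ordinary process
    creation; writes into an unrelated process are the injection-like case."""
    pids = by_pid(procs)
    result = {}
    for (src, dst), n in Counter(writes).items():
        target = pids.get(dst)
        result[(src, dst)] = {"count": n,
                              "own_child": target is not None and target["ppid"] == src}
    return result


def crashed_pids(procs):
    """Map each PID named by a WerFault '-p <pid>' argument to the crashed image."""
    pids = by_pid(procs)
    crashed = {}
    for p in procs:
        if not p["image"].lower().endswith(r"\werfault.exe"):
            continue
        m = WERFAULT_PID.search(p["cmdline"])
        if m:
            pid = int(m.group(1))
            crashed[pid] = pids.get(pid, {}).get("image")
    return crashed


def packed_regions(hits):
    """Parse '<pid>-<n>-<start>-<end>-memory.dmp' dump names (n is assumed to be the
    sandbox's dump index) and flag hits whose base is the default 32-bit DLL image
    base, i.e. the sample's own mapped image rather than memory it allocated later."""
    regions = []
    for name, rule in hits:
        m = DUMP_NAME.search(name)
        if not m:
            continue
        start, end = int(m.group(3), 16), int(m.group(4), 16)
        regions.append({"pid": int(m.group(1)), "dump_index": int(m.group(2)), "rule": rule,
                        "base": start, "size": end - start,
                        "at_default_dll_base": start == DEFAULT_DLL_BASE_X86})
    return regions


if __name__ == "__main__":
    print("x64 -> x86 rundll32 hand-off:", cross_arch_rundll32(PROCESSES))
    print("memory writes:", classify_memory_writes(MEMORY_WRITES, PROCESSES))
    print("crashed:", crashed_pids(PROCESSES))
    print("packed regions:", packed_regions(YARA_HITS))
```

Run it as a script to print the four findings. Nothing here reproduces the sandbox's own scoring; it only makes the relationships between the tables explicit, and the "own_child" flag is the distinction that separates a routine parent writing into its new child from the cross-process write that would actually deserve the "suspicious" label.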