Analysis
max time kernel
203s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted
28-11-2022 03:35
Static task
static1
Behavioral task
behavioral1
Sample
6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00.dll
Resource
win10v2004-20221111-en
General
Target
6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00.dll
Size
276KB
MD5
00a7a8251c125ecd85d9dd82ca96cf83
SHA1
b7e5623d2dcf86a9004daf656edd4f27a07e05b1
SHA256
6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00
SHA512
05be7ae3a4d6d40288fdff08a730acc0cb76c70a747a60231abcf51da7e4988d6e6dbf133c148244fd0e05e2c9dec8ba732fc0b4ca60624b00b0cadb835a0d30
SSDEEP
6144:dOSjIXo9jPDv5eisvDs8W7s9ZuJrUO//oOqzTzlUK/zNFe5kQn:k549zDUis7s8W7GYAOqWAMiQ
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid     pid_target    process         target process
4140    4388          WerFault.exe    rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                         pid     process         target process
PID 4544 wrote to memory of 4388    4544    rundll32.exe    rundll32.exe
PID 4544 wrote to memory of 4388    4544    rundll32.exe    rundll32.exe
PID 4544 wrote to memory of 4388    4544    rundll32.exe    rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00.dll,#1
- Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6befab600e8a7e07b5fe9fa8124c82e6a9e87c22e30a7a283cabb22b0a937b00.dll,#1
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 572
        - Program crash
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4388 -ip 4388