Analysis
- max time kernel: 193s
- max time network: 218s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-11-2022 03:35
Static task: static1
Behavioral task: behavioral1
- Sample: 75fdc12f6a7feafd8de0f4106f84893a26f39e96a20479e7fab0581a204c3402.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 75fdc12f6a7feafd8de0f4106f84893a26f39e96a20479e7fab0581a204c3402.dll
- Resource: win10v2004-20221111-en
General
- Target: 75fdc12f6a7feafd8de0f4106f84893a26f39e96a20479e7fab0581a204c3402.dll
- Size: 361KB
- MD5: 42047a06a075b0c00fa6c9b6e31ca41c
- SHA1: 2649350c2f7f15fe0382335c50e900dbeafcd16f
- SHA256: 75fdc12f6a7feafd8de0f4106f84893a26f39e96a20479e7fab0581a204c3402
- SHA512: cda9f6d787c407cf4fdad489b5495b3608f3d40514a8626290d521553af8053d3974d8bd5fa3771c3bb41b9fda64c4cbb6da1acf94b192246ef764bb1a565141
- SSDEEP: 6144:owM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:7kI4nJmRz9PGGjkrgoN9Ppymfkn
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe

  | pid | pid_target | process | target process |
  | --- | --- | --- | --- |
  | 4420 | 1916 | WerFault.exe | rundll32.exe |

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 3296 wrote to memory of 1916 | 3296 | rundll32.exe | rundll32.exe |
  | PID 3296 wrote to memory of 1916 | 3296 | rundll32.exe | rundll32.exe |
  | PID 3296 wrote to memory of 1916 | 3296 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\75fdc12f6a7feafd8de0f4106f84893a26f39e96a20479e7fab0581a204c3402.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\75fdc12f6a7feafd8de0f4106f84893a26f39e96a20479e7fab0581a204c3402.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 596
      Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1916 -ip 1916