Analysis
max time kernel: 180s
max time network: 187s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/12/2022, 14:10
Static task: static1
Behavioral task: behavioral1
  Sample: 9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75.dll
  Resource: win10v2004-20220812-en
General
Target: 9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75.dll
Size: 86KB
MD5: f7bfb717e85b2e72c696e9f9bce3509a
SHA1: 1264d58faef101a7e48293da3ef7f6716b626dac
SHA256: 9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75
SHA512: 83dcf328e0e69adb49f8d10e4159c3627ed3bb20f76cffe83217b2fe9cbe19ef0d56a9a3772e620200e5fe4eb2f2a3659c1dfd457b1cf3e469073ba0d70d9c6f
SSDEEP: 1536:9GHsh23P/ebYbI8dR1Q281+hjM9mhc1k8HyZAiCMVHvKgyEoj6Y6+:972HsojQ2vjOSL9vEEIj
Malware Config
Signatures
Program crash (1 IoCs)
pid   pid_target  Process       procid_target
3852  5044        WerFault.exe  77

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 2112 wrote to memory of 5044  2112  rundll32.exe  77
PID 2112 wrote to memory of 5044  2112  rundll32.exe  77
PID 2112 wrote to memory of 5044  2112  rundll32.exe  77
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75.dll,#1
  PID: 2112
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9468e489c57831a2692d0ebe61671c8255a5b2abe32b976ed2efeafd38e11c75.dll,#1
    PID: 5044
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 596
      PID: 3852
      Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5044 -ip 5044
  PID: 4040