Analysis
max time kernel: 175s
max time network: 186s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted: 01/12/2022, 16:39
Static task: static1
Behavioral task: behavioral1
  Sample: e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4.dll
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4.dll
  Resource: win10v2004-20221111-en
General
Target: e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4.dll
Size: 78KB
MD5: 582b05e58b5005c24830ef67a4549af6
SHA1: 16bd2fc080c72ac3b1d91ecbc909a46c7cc6aa88
SHA256: e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4
SHA512: 91828af17e52e1f40f5653438284c4b3035e1b28df9865909966c35171506bb0ef0a1bdac34b0978031b8f1190626e65909ec105108d008dd0c8a2b5e546e928
SSDEEP: 1536:BMMObIsZaUQxJUHmoW7qhWnGMn3jO1cdooaAoodtmTFwuQi16mlQ:iNERpxJUiWY40aBMtmZBm
Malware Config
Signatures
Program crash (1 IoCs)
  pid    pid_target    Process         procid_target
  1824   2608          WerFault.exe    80
Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid     Process         procid_target
  PID 3288 wrote to memory of 2608    3288    rundll32.exe    80
  PID 3288 wrote to memory of 2608    3288    rundll32.exe    80
  PID 3288 wrote to memory of 2608    3288    rundll32.exe    80
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 3288
    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4.dll,#1
      PID: 2608
        C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 580
          - Program crash
          PID: 1824
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2608 -ip 2608
  PID: 364