Analysis
max time kernel: 232s
max time network: 245s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted: 03-12-2022 13:47
Static task: static1

Behavioral task: behavioral1
Sample: ed6fc5023c0836fe509cc4d78c0fb6e629ee577b170d78f322af4013a42f1190.dll
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: ed6fc5023c0836fe509cc4d78c0fb6e629ee577b170d78f322af4013a42f1190.dll
Resource: win10v2004-20221111-en
General
Target: ed6fc5023c0836fe509cc4d78c0fb6e629ee577b170d78f322af4013a42f1190.dll
Size: 120KB
MD5: a9e5fb4cce5312b795ffd12d55658e40
SHA1: 0479cfb2a2e1102fcd30dde057cff8c86df13101
SHA256: ed6fc5023c0836fe509cc4d78c0fb6e629ee577b170d78f322af4013a42f1190
SHA512: af8421f89e099c8517ae9f76f91b4c66fe51542a47a2e6f90393a4cc3df2de553530b9a67053a710eab114144d519c497c3fa8a655a567de3fb6c7d4c1dfdb0b
SSDEEP: 3072:UZ0ZKMeVfhr+pcJaGmvMYX0lwKoOA/zaRxcsmDia:UZgKnZhmc4vMYhHs+smGa
Malware Config
Signatures

Program crash (1 IoCs)
pid     pid_target   Process        procid_target
2156    948          WerFault.exe   81

Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid     Process        procid_target
PID 4732 wrote to memory of 948      4732    rundll32.exe   81
PID 4732 wrote to memory of 948      4732    rundll32.exe   81
PID 4732 wrote to memory of 948      4732    rundll32.exe   81
Processes

C:\Windows\system32\rundll32.exe (PID: 4732)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed6fc5023c0836fe509cc4d78c0fb6e629ee577b170d78f322af4013a42f1190.dll,#1
  - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe (PID: 948)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed6fc5023c0836fe509cc4d78c0fb6e629ee577b170d78f322af4013a42f1190.dll,#1

        C:\Windows\SysWOW64\WerFault.exe (PID: 2156)
          C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 560
          - Program crash

C:\Windows\SysWOW64\WerFault.exe (PID: 3500)
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 948 -ip 948