Analysis
max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
09-01-2023 16:47
Static task
static1
Behavioral task
behavioral1
Sample
Scan_01-09.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Scan_01-09.lnk
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
copillwonv/hipsexfryd.cmd
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
copillwonv/hipsexfryd.cmd
Resource
win10v2004-20221111-en
Behavioral task
behavioral5
Sample
copillwonv/strapping.dll
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
copillwonv/strapping.dll
Resource
win10v2004-20221111-en
General
Target
copillwonv/strapping.dll
Size
788KB
MD5
15dd0873cb6bef0c8e89a0319a202c3a
SHA1
6b49af73134d502d35d81cb978075761dc3b71fa
SHA256
180bc8d0f85146d6d16fa8079e38ca5e84756f1e201fc7259464addbaee15ff2
SHA512
3b1e4b176835eeae62e5ed4ac65b97e26b4471fba4aa0514c969fac8184fdcecaa82e7c9d286d9bec909bf72cce0c6cce6bfa6ec1a2adadb463a0584d6b8d200
SSDEEP
12288:EtsF8uXf3ER0+FFzy9SUa5Eorp//XyZXygB:l8qUR0+FFzvea//XywgB
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid     pid_target   process        target process
1960    836          WerFault.exe   rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                        pid    process        target process
PID 836 wrote to memory of 1960    836    rundll32.exe   WerFault.exe
PID 836 wrote to memory of 1960    836    rundll32.exe   WerFault.exe
PID 836 wrote to memory of 1960    836    rundll32.exe   WerFault.exe