Analysis
-
max time kernel
36s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
09-01-2023 20:22
Behavioral task
behavioral1
Sample
784bc607bd7bf047aec2c9d7445037bdb45d673ae9c30b9718b0f195cfb860e6.dll
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
784bc607bd7bf047aec2c9d7445037bdb45d673ae9c30b9718b0f195cfb860e6.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
784bc607bd7bf047aec2c9d7445037bdb45d673ae9c30b9718b0f195cfb860e6.dll
-
Size
60KB
-
MD5
afdad4be32188bee71d4f891c479d821
-
SHA1
13f67ba774361761af8bedb0ffee0ab7b08e0dc4
-
SHA256
784bc607bd7bf047aec2c9d7445037bdb45d673ae9c30b9718b0f195cfb860e6
-
SHA512
8199ee1749f336a818efcb317cf8d72a8f82149d92db74f22539ec0e1ed3744e213c70b1114fdc49f8224ca06196df86379346982e43a77c6081e1909a8ee65c
-
SSDEEP
768:hO4apg9TJD/UFPvh45g1WmxValWf5uJMj9TX8Vd76o1x6:hHT+4mjw4IdZx
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2036 840 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 840 wrote to memory of 2036 840 rundll32.exe WerFault.exe PID 840 wrote to memory of 2036 840 rundll32.exe WerFault.exe PID 840 wrote to memory of 2036 840 rundll32.exe WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\784bc607bd7bf047aec2c9d7445037bdb45d673ae9c30b9718b0f195cfb860e6.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:840 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 840 -s 562⤵
- Program crash
PID:2036