Analysis
max time kernel: 419s
max time network: 422s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 08/02/2023, 23:00
Static task: static1
Behavioral task: behavioral1
Sample: vodka.dll
Resource: win7-20220812-en
2 signatures
600 seconds
General
Target: vodka.dll
Size: 329KB
MD5: ec68dc542186d11e9c5f9b51f128ddd4
SHA1: ca2da4ba22d8430c6e8f48b62fc703f304a243b3
SHA256: be5820fb00e7bde9eaf30e37290a0913c4c73a841ad5b5d8fb9ad33285711ef1
SHA512: 04ce78633f974423b17b8957c130186a5b60429ed4b455dbe2ae10c927f8705fe227926c5a5bda67d36953b5253249576c77105e3f76539c4b920e68c13839ba
SSDEEP: 6144:z8HwSJZ88IKeVSi5CHvJITRTcKY+UC6vmtmHkRCTZHmR/UYSbO28m2XQ9IW:z8HwSJG83i5CPqTCKY+cOB/UnbrwXQaW
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
pid   pid_target  Process       procid_target
1724  884         WerFault.exe  28
Suspicious use of WriteProcessMemory 11 IoCs
description                       pid   Process       procid_target
PID 1080 wrote to memory of 884   1080  rundll32.exe  28
PID 1080 wrote to memory of 884   1080  rundll32.exe  28
PID 1080 wrote to memory of 884   1080  rundll32.exe  28
PID 1080 wrote to memory of 884   1080  rundll32.exe  28
PID 1080 wrote to memory of 884   1080  rundll32.exe  28
PID 1080 wrote to memory of 884   1080  rundll32.exe  28
PID 1080 wrote to memory of 884   1080  rundll32.exe  28
PID 884 wrote to memory of 1724   884   rundll32.exe  29
PID 884 wrote to memory of 1724   884   rundll32.exe  29
PID 884 wrote to memory of 1724   884   rundll32.exe  29
PID 884 wrote to memory of 1724   884   rundll32.exe  29
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vodka.dll,#1
- Suspicious use of WriteProcessMemory
PID:1080
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\vodka.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:884
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 228
    - Program crash
    PID:1724