Analysis
- max time kernel: 143s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/02/2023, 18:27
Static task
static1
Behavioral task
behavioral1
Sample
1cfd78420793c0fafebf0f4e1a09c1ff.dll
Resource
win7-20221111-en
2 signatures
150 seconds
General
- Target: 1cfd78420793c0fafebf0f4e1a09c1ff.dll
- Size: 1.2MB
- MD5: 1cfd78420793c0fafebf0f4e1a09c1ff
- SHA1: 8c6df311b3f42ffab51df0d411cefae923ef0929
- SHA256: 329501486d4922ccf3a28e8ecf0046151e7106dc31ea6df33670d0d15d10cf54
- SHA512: 1f4a85c4186a31c3e20f6e7dbffcf25fbf7f7587b782c3009013d643f1abcb27f2c79778a1587cb4b0ceff14327451d1b0a08ef2eef2ade94baa45f7a94dc182
- SSDEEP: 24576:BB++leR75eeScNFG0tUDWlmulwI49SnymKLRd:BMseR7IexXM/ulRAsURd
Malware Config
Signatures
- Program crash (1 IoCs)
  pid    pid_target    Process         procid_target
  3728   4804          WerFault.exe    82
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid     Process         procid_target
  PID 4912 wrote to memory of 4804    4912    rundll32.exe    82
  PID 4912 wrote to memory of 4804    4912    rundll32.exe    82
  PID 4912 wrote to memory of 4804    4912    rundll32.exe    82
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cfd78420793c0fafebf0f4e1a09c1ff.dll,#1
  Suspicious use of WriteProcessMemory
  PID:4912
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cfd78420793c0fafebf0f4e1a09c1ff.dll,#1
    PID:4804
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 580
      Program crash
      PID:3728
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4804 -ip 4804
  PID:3900