Analysis
max time kernel: 144s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-02-2023 19:22
Behavioral task: behavioral1
Sample: 1716-56-0x0000000010000000-0x000000001013B000-memory.dll
Resource: win7-20220812-en
Platform: windows7-x64
Signatures: 3
Run time: 150 seconds
General
Target: 1716-56-0x0000000010000000-0x000000001013B000-memory.dll
Size: 1.2MB
MD5: 1b7567ad481edfdd98def6b2d0b4bdf9
SHA1: c05f17efae43c16bf5efd3e3c5e1f3548c572e98
SHA256: d8eea48101d16675eab4b0263d801425405565d80057839513e00d1717c6dc7a
SHA512: 902620925513e4d9235250756e6a2bd1de06c50f1d70760222fc858ce3547c65894b9ab6c122c9cc8b6247438e69681f80526b8f5b91c087967cf1b254cf21e3
SSDEEP: 24576:LZA5Md+xdHP0J6wfwnriXWYXbsdmTHdUHlRRrc5Pi7OQMCeMwVrGOUfp7O:L3SdY6OwriXWQsdmbdelRdkai4eMw5Gk
Malware Config
Signatures

Program crash (1 IoC)
Processes:
  pid 3328 (WerFault.exe) -> target pid 1904 (rundll32.exe)

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  PID 1488 (rundll32.exe) wrote to memory of PID 1904 (rundll32.exe)
  PID 1488 (rundll32.exe) wrote to memory of PID 1904 (rundll32.exe)
  PID 1488 (rundll32.exe) wrote to memory of PID 1904 (rundll32.exe)
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1716-56-0x0000000010000000-0x000000001013B000-memory.dll,#1
  signature: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1716-56-0x0000000010000000-0x000000001013B000-memory.dll,#1
        C:\Windows\SysWOW64\WerFault.exe
          command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 560
          signature: Program crash

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1904 -ip 1904