Analysis
- max time kernel: 144s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/02/2023, 19:22
Behavioral task
behavioral1
Sample
1716-56-0x0000000010000000-0x000000001013B000-memory.dll
Resource
win7-20220812-en
3 signatures
150 seconds
General
- Target: 1716-56-0x0000000010000000-0x000000001013B000-memory.dll
- Size: 1.2MB
- MD5: 1b7567ad481edfdd98def6b2d0b4bdf9
- SHA1: c05f17efae43c16bf5efd3e3c5e1f3548c572e98
- SHA256: d8eea48101d16675eab4b0263d801425405565d80057839513e00d1717c6dc7a
- SHA512: 902620925513e4d9235250756e6a2bd1de06c50f1d70760222fc858ce3547c65894b9ab6c122c9cc8b6247438e69681f80526b8f5b91c087967cf1b254cf21e3
- SSDEEP: 24576:LZA5Md+xdHP0J6wfwnriXWYXbsdmTHdUHlRRrc5Pi7OQMCeMwVrGOUfp7O:L3SdY6OwriXWQsdmbdelRdkai4eMw5Gk
Malware Config
Signatures
- Program crash: 1 IoCs
    pid   pid_target  Process       procid_target
    3328  1904        WerFault.exe  78
- Suspicious use of WriteProcessMemory: 3 IoCs
    description                       pid   Process       procid_target
    PID 1488 wrote to memory of 1904  1488  rundll32.exe  78
    PID 1488 wrote to memory of 1904  1488  rundll32.exe  78
    PID 1488 wrote to memory of 1904  1488  rundll32.exe  78
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1716-56-0x0000000010000000-0x000000001013B000-memory.dll,#1
  PID: 1488
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1716-56-0x0000000010000000-0x000000001013B000-memory.dll,#1
    PID: 1904
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 560
      PID: 3328
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1904 -ip 1904
  PID: 2560