Analysis
max time kernel: 78s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/02/2023, 15:43
Static task: static1
Behavioral task: behavioral1 (Sample: 09.gif.dll; Resource: win7-20220812-en; 2 signatures; 150 seconds)
Behavioral task: behavioral2 (Sample: 09.gif.dll; Resource: win10v2004-20220812-en; 2 signatures; 150 seconds)
General
Target: 09.gif.dll
Size: 525KB
MD5: 5aeb6e164f5c212e21d629c0ea46f48f
SHA1: 06a1743819db332d3c196a6960b90301c638171e
SHA256: 7272f3b71091a0188f10030287ca1e2b6689b6cfd7c91d400bd7d1a4d55213e5
SHA512: d17af00dfa92745e41ad39567fc63bd8d1bec29f5ef856dab9aee317017e09fe565c99fb675999fc7ac9ddea48ff72c87d802c2b34e29fb7a390b49fc493fc47
SSDEEP: 12288:XPkOXczzPUMZClzjzbumfoEG1Tn2AK2Y0yC7+:XOnfClzjnum/G1TnVek
Score: 3/10
Malware Config
(none extracted)

Signatures
Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  4960  4992         WerFault.exe   82

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process        procid_target
  PID 3040 wrote to memory of 4992   3040  rundll32.exe   82
  PID 3040 wrote to memory of 4992   3040  rundll32.exe   82
  PID 3040 wrote to memory of 4992   3040  rundll32.exe   82
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\09.gif.dll,#1
  PID: 3040
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\09.gif.dll,#1
    PID: 4992
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 600
      PID: 4960
      signatures: Program crash
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4992 -ip 4992
  PID: 4948