Analysis
- max time kernel: 48s
- max time network: 73s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-02-2023 12:41
Static task: static1
Behavioral task behavioral1: sample Setup.exe, resource win7-20230220-en
Behavioral task behavioral2: sample Setup.exe, resource win10v2004-20230221-en
Behavioral task behavioral3: sample vcomp140.dll, resource win7-20230220-en
Behavioral task behavioral4: sample vcomp140.dll, resource win10v2004-20230220-en
Behavioral task behavioral5: sample vcruntime140.dll, resource win7-20230220-en
Behavioral task behavioral6: sample vcruntime140.dll, resource win10v2004-20230220-en
Behavioral task behavioral7: sample win-api.xml, resource win7-20230220-en
Behavioral task behavioral8: sample win-api.xml, resource win10v2004-20230220-en
General
- Target: vcruntime140.dll
- Size: 94KB
- MD5: 11d9ac94e8cb17bd23dea89f8e757f18
- SHA1: d4fb80a512486821ad320c4fd67abcae63005158
- SHA256: e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
- SHA512: aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
- SSDEEP: 1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid 4916, pid_target 4948, process WerFault.exe, target process rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\vcruntime140.dll,#1
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 4948 -s 328
    Program crash
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -pss -s 364 -p 4948 -ip 4948