Analysis
max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted
28/02/2023, 16:41
Static task
static1
Behavioral task
behavioral1
Sample
bbbbbboris.dll
Resource
win7-20230220-en
2 signatures
150 seconds
General
Target
bbbbbboris.dll
Size
355KB
MD5
45d887273f56b2154f46fa13f5ba29aa
SHA1
2806aedca48e7ab8fdeb507debb93e9c29c2f4b2
SHA256
7193cff8c047bcb00743121f4f90a7df786c93da0b68366bb40d927215f6907b
SHA512
c50c7c27bff12d777c3cc00e0b17fa9cd348a6aaf978b5973d37a982ce84da0c2f83ac7308ba055c4afbccc9103e91be1073603430de353087d9b32142649891
SSDEEP
6144:znCkEzy3WOKrHe7EPvIbQP952w7QNlC20wHa8zbC6+fYyf9unVes12qxWCla8aGV:NEyrw2s20wHao+mmeWCl9VdAd
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid | pid_target | Process | procid_target
1724 | 2012 | WerFault.exe | 28
Suspicious use of WriteProcessMemory (11 IoCs)
description | pid | Process | procid_target
PID 1696 wrote to memory of 2012 | 1696 | rundll32.exe | 28
PID 1696 wrote to memory of 2012 | 1696 | rundll32.exe | 28
PID 1696 wrote to memory of 2012 | 1696 | rundll32.exe | 28
PID 1696 wrote to memory of 2012 | 1696 | rundll32.exe | 28
PID 1696 wrote to memory of 2012 | 1696 | rundll32.exe | 28
PID 1696 wrote to memory of 2012 | 1696 | rundll32.exe | 28
PID 1696 wrote to memory of 2012 | 1696 | rundll32.exe | 28
PID 2012 wrote to memory of 1724 | 2012 | rundll32.exe | 29
PID 2012 wrote to memory of 1724 | 2012 | rundll32.exe | 29
PID 2012 wrote to memory of 1724 | 2012 | rundll32.exe | 29
PID 2012 wrote to memory of 1724 | 2012 | rundll32.exe | 29
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbbbbboris.dll,#1
- Suspicious use of WriteProcessMemory
PID:1696
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbbbbboris.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:2012
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 224
    - Program crash
    PID:1724