Analysis
max time kernel: 26s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 07-03-2023 21:55
Static task: static1
Behavioral task: behavioral1
  Sample: required documents-85515212/documents3.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: required documents-85515212/documents3.exe
  Resource: win10v2004-20230220-en
Behavioral task: behavioral3
  Sample: required documents-85515212/vk_swiftshader.dll
  Resource: win7-20230220-en
Behavioral task: behavioral4
  Sample: required documents-85515212/vk_swiftshader.dll
  Resource: win10v2004-20230220-en
General
Target: required documents-85515212/vk_swiftshader.dll
Size: 4.8MB
MD5: 80cab86c2f4419b674012c3756d088c2
SHA1: 89a3a42aba421cb5f924c89a89734f952153bd7d
SHA256: 479f3a6dd641d18652b30f7e6971eadcd580b1428b9ce9a1878d5e6b057c3a98
SHA512: 1d0cca96db6e691f617b456754c02eda64a35eed2aa8566444c116969cdda16ecc84606b2d97210c964e198c62955a5f999fcc612eb282d131cf5c1bf1fa0e24
SSDEEP: 49152:Af94LbaELx0yxWN1E1jAIHmNSfma2jX+fFMyngJH4vbU5Hyt4EJOhmCIWyruHYD0:i4LKhQabHUJ8mdW45AUqXcAUwBb
Malware Config
Signatures
Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 1328, pid_target: 1400, process: WerFault.exe, target process: rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description: PID 1400 wrote to memory of 1328, pid: 1400, process: rundll32.exe, target process: WerFault.exe
  description: PID 1400 wrote to memory of 1328, pid: 1400, process: rundll32.exe, target process: WerFault.exe
  description: PID 1400 wrote to memory of 1328, pid: 1400, process: rundll32.exe, target process: WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\required documents-85515212\vk_swiftshader.dll",#11
- Suspicious use of WriteProcessMemory
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1400 -s 842
- Program crash