Analysis
- max time kernel: 143s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-03-2023 20:46
Static task: static1

Behavioral task: behavioral1
- Sample: 0188b7630ac0335f90d58f5433303579d3f8128c0c7f6eabed3635333624cb3c.dll
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: 0188b7630ac0335f90d58f5433303579d3f8128c0c7f6eabed3635333624cb3c.dll
- Resource: win10v2004-20230220-en
General
- Target: 0188b7630ac0335f90d58f5433303579d3f8128c0c7f6eabed3635333624cb3c.dll
- Size: 434KB
- MD5: 92aa4a3fbead08b0ad5fff5ee7320ff8
- SHA1: 1ff690b3e52fe61d84f04b8f34d9ffc5536d03bc
- SHA256: 0188b7630ac0335f90d58f5433303579d3f8128c0c7f6eabed3635333624cb3c
- SHA512: 463d4b755a8c2a62703640d9feaaa99ef4eccd2199de6a47830daaef2c3d4d4abbb192efd9f416497f3cf44478cc1ac95b22a211210d60236ebb8e7ea455da6a
- SSDEEP: 12288:rJZ701RXT1BaB4Irm8VGf9hyI8K9HGgJA:VZ701RXT1wB4Irz0f9hNN
Malware Config
Signatures
- Program crash (1 IoCs)

  pid | pid_target | Process | procid_target
  4184 | 3756 | WerFault.exe | 86

- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | Process | procid_target
  PID 2180 wrote to memory of 3756 | 2180 | rundll32.exe | 86
  PID 2180 wrote to memory of 3756 | 2180 | rundll32.exe | 86
  PID 2180 wrote to memory of 3756 | 2180 | rundll32.exe | 86
Processes
- C:\Windows\system32\rundll32.exe (PID: 2180)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0188b7630ac0335f90d58f5433303579d3f8128c0c7f6eabed3635333624cb3c.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 3756)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0188b7630ac0335f90d58f5433303579d3f8128c0c7f6eabed3635333624cb3c.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID: 4184)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 600
      Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID: 1632)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3756 -ip 3756