Analysis
max time kernel: 105s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/03/2023, 08:26
Behavioral task
behavioral1
Sample
2824-135-0x00000000021A0000-0x00000000021AD000-memory.dll
Resource
win7-20230220-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2824-135-0x00000000021A0000-0x00000000021AD000-memory.dll
Resource
win10v2004-20230220-en
2 signatures
150 seconds
General
Target: 2824-135-0x00000000021A0000-0x00000000021AD000-memory.dll
Size: 52KB
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid    pid_target  Process       procid_target
  1440   1180        WerFault.exe  72
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid    Process       procid_target
  PID 1924 wrote to memory of 1180   1924   rundll32.exe  72
  PID 1924 wrote to memory of 1180   1924   rundll32.exe  72
  PID 1924 wrote to memory of 1180   1924   rundll32.exe  72
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2824-135-0x00000000021A0000-0x00000000021AD000-memory.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1924
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2824-135-0x00000000021A0000-0x00000000021AD000-memory.dll,#1
    PID: 1180
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 560
      Program crash
      PID: 1440
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1180 -ip 1180
  PID: 4128