Analysis

max time kernel: 31s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 20/03/2023, 14:08
Behavioral task: behavioral1
  Sample: 608-56-0x0000000000240000-0x000000000024D000-memory.dll
  Resource: win7-20230220-en
  2 signatures, 150 seconds

Behavioral task: behavioral2
  Sample: 608-56-0x0000000000240000-0x000000000024D000-memory.dll
  Resource: win10v2004-20230220-en
  2 signatures, 150 seconds
General

Target: 608-56-0x0000000000240000-0x000000000024D000-memory.dll
Size: 52KB
MD5: 8f586ddaac774a9c30742c81e425cc6d
SHA1: 21e8edef0cc4d4442d060735f20c399109cb4d9a
SHA256: 9e96757115ed0eda8d908fc357f818297ccb196bab4f3bc24c6bd64a05eb5d65
SHA512: 5dc57077abfa4027a52d6a4595edd8b7dce65111b1fbf9e2e6b0dc857d10b311bddda03310a0ec97d34eddd648d26be48016ea21744d17e54ced2cea1fe7e55d
SSDEEP: 768:8owYqFvXp4GGXm/44OTBz5qHf9qR2s6L/qgz6TWNPa5dM+6hK3D1GcQh:85YqEm/4nTBaFq0LhuCNC5dMaD1GcQ
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
  pid    pid_target   Process        procid_target
  2000   2020         WerFault.exe   28

Suspicious use of WriteProcessMemory (11 IoCs)
  description                         pid    Process        procid_target
  PID 2008 wrote to memory of 2020    2008   rundll32.exe   28
  PID 2008 wrote to memory of 2020    2008   rundll32.exe   28
  PID 2008 wrote to memory of 2020    2008   rundll32.exe   28
  PID 2008 wrote to memory of 2020    2008   rundll32.exe   28
  PID 2008 wrote to memory of 2020    2008   rundll32.exe   28
  PID 2008 wrote to memory of 2020    2008   rundll32.exe   28
  PID 2008 wrote to memory of 2020    2008   rundll32.exe   28
  PID 2020 wrote to memory of 2000    2020   rundll32.exe   29
  PID 2020 wrote to memory of 2000    2020   rundll32.exe   29
  PID 2020 wrote to memory of 2000    2020   rundll32.exe   29
  PID 2020 wrote to memory of 2000    2020   rundll32.exe   29
Processes

C:\Windows\system32\rundll32.exe (PID 2008)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\608-56-0x0000000000240000-0x000000000024D000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 2020, parent 2008)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\608-56-0x0000000000240000-0x000000000024D000-memory.dll,#1
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe (PID 2000, parent 2020)
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 196
      - Program crash
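Three things in this report are worth checking mechanically rather than by eye. The dump name encodes the region that was carved out of PID 608 (0x240000 to 0x24D000, 0xD000 bytes), and that length should equal the reported 52KB. Both "wrote to memory of" edges run from a process to the child it spawned (2008 to 2020, 2020 to 2000 in the tree above), which is what any parent does while setting up a new process, so on their own they are not cross-process injection. The hop from system32\rundll32.exe to SysWOW64\rundll32.exe with the same DLL argument is the normal WoW64 relaunch a 64-bit rundll32 performs for a 32-bit DLL, and WerFault's -p argument names the process that actually crashed. The script below, added here as a worked example and not part of the sandbox output, runs those checks over the rows transcribed from this page; the process table and the (writer, target) pairs are constructed from the report, and the second field of the dump name ("56") is kept as an opaque index because the page does not say what it is. A raw memory region is not generally loadable as a PE without its imports and relocations rebuilt, so a loader-time crash here is a caveat on the run, not a finding about the sample.

```python
import re
from collections import Counter

# Constructed from the report on this page: the dump filename, the three
# process-tree entries and the eleven WriteProcessMemory rows reduced to
# (writer pid, target pid) pairs.
DUMP_NAME = "608-56-0x0000000000240000-0x000000000024D000-memory.dll"
REPORTED_SIZE_KB = 52
DLL_PATH = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + DUMP_NAME

PROCESSES = {
    2008: {"image": r"C:\Windows\system32\rundll32.exe", "parent": None,
           "cmd": f"rundll32.exe {DLL_PATH},#1"},
    2020: {"image": r"C:\Windows\SysWOW64\rundll32.exe", "parent": 2008,
           "cmd": f"rundll32.exe {DLL_PATH},#1"},
    2000: {"image": r"C:\Windows\SysWOW64\WerFault.exe", "parent": 2020,
           "cmd": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 196"},
}
WPM_ROWS = [(2008, 2020)] * 7 + [(2020, 2000)] * 4

DUMP_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<idx>\d+)-(?P<base>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)"
    r"-memory\.(dll|exe|dmp)$")


def parse_dump_name(name):
    """Split '<pid>-<n>-<base>-<end>-memory.<ext>' into its fields.
    The second field is returned as 'index'; its meaning is not given on the page."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory-dump name: {name}")
    base, end = int(m["base"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "base": base, "end": end, "region_size": end - base}


def region_matches_size(name, reported_kb):
    """The carved region length should equal the file size the report lists."""
    return parse_dump_name(name)["region_size"] == reported_kb * 1024


def classify_wpm(rows, procs):
    """Collapse repeated WriteProcessMemory rows into edges and label each one.
    A write into a process the writer itself created happens for every
    CreateProcess; a write into any other process is the cross-process case."""
    out = {}
    for (writer, target), n in Counter(rows).items():
        parent = procs.get(target, {}).get("parent")
        kind = "parent->child" if parent == writer else "cross-process"
        out[(writer, target)] = {"count": n, "kind": kind}
    return out


def is_wow64_relaunch(parent, child):
    """64-bit rundll32 re-executes itself from SysWOW64 for a 32-bit DLL,
    passing the same '<dll>,<entry>' argument through unchanged."""
    same_arg = parent["cmd"].split(" ", 1)[1] == child["cmd"].split(" ", 1)[1]
    return (parent["image"].lower().endswith("\\system32\\rundll32.exe")
            and child["image"].lower().endswith("\\syswow64\\rundll32.exe")
            and same_arg)


def crash_target(procs):
    """WerFault.exe -p <pid> names the process being reported on."""
    for p in procs.values():
        if p["image"].lower().endswith("werfault.exe"):
            m = re.search(r"-p (\d+)", p["cmd"])
            return int(m.group(1)) if m else None
    return None


def triage(name=DUMP_NAME, procs=PROCESSES, rows=WPM_ROWS, kb=REPORTED_SIZE_KB):
    edges = classify_wpm(rows, procs)
    return {
        "dump": parse_dump_name(name),
        "size_consistent": region_matches_size(name, kb),
        "wpm_edges": edges,
        "all_wpm_parent_child": all(e["kind"] == "parent->child" for e in edges.values()),
        "wow64_relaunch": any(p["parent"] in procs and is_wow64_relaunch(procs[p["parent"]], p)
                              for p in procs.values()),
        "crashed_pid": crash_target(procs),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Swap PROCESSES and WPM_ROWS for rows parsed from another report to reuse the checks; an edge that comes back "cross-process", or a region length that does not match the file size, is the case that deserves a manual look.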