Analysis
max time kernel: 81s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
submitted: 20/03/2023, 14:08
Behavioral task: behavioral1
Sample: 608-56-0x0000000000240000-0x000000000024D000-memory.dll
Resource: win7-20230220-en
2 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 608-56-0x0000000000240000-0x000000000024D000-memory.dll
Resource: win10v2004-20230220-en
2 signatures, 150 seconds
General
Target: 608-56-0x0000000000240000-0x000000000024D000-memory.dll
Size: 52KB
MD5: 8f586ddaac774a9c30742c81e425cc6d
SHA1: 21e8edef0cc4d4442d060735f20c399109cb4d9a
SHA256: 9e96757115ed0eda8d908fc357f818297ccb196bab4f3bc24c6bd64a05eb5d65
SHA512: 5dc57077abfa4027a52d6a4595edd8b7dce65111b1fbf9e2e6b0dc857d10b311bddda03310a0ec97d34eddd648d26be48016ea21744d17e54ced2cea1fe7e55d
SSDEEP: 768:8owYqFvXp4GGXm/44OTBz5qHf9qR2s6L/qgz6TWNPa5dM+6hK3D1GcQh:85YqEm/4nTBaFq0LhuCNC5dMaD1GcQ
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid   pid_target  Process       procid_target
1772  5080        WerFault.exe  86
Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 2112 wrote to memory of 5080  2112  rundll32.exe  86
PID 2112 wrote to memory of 5080  2112  rundll32.exe  86
PID 2112 wrote to memory of 5080  2112  rundll32.exe  86
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\608-56-0x0000000000240000-0x000000000024D000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:2112
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\608-56-0x0000000000240000-0x000000000024D000-memory.dll,#1
    PID:5080
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 560
      - Program crash
      PID:1772
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 5080 -ip 5080
  PID:2468