Analysis
max time kernel: 30s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 22/03/2023, 07:28
Behavioral task: behavioral1
Sample: 1568-56-0x00000000002C0000-0x00000000002CD000-memory.dll
Resource: win7-20230220-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 1568-56-0x00000000002C0000-0x00000000002CD000-memory.dll
Resource: win10v2004-20230220-en
2 signatures
150 seconds
General
Target: 1568-56-0x00000000002C0000-0x00000000002CD000-memory.dll
Size: 52KB
MD5: a3f1814b58af952b92a808c696838b5e
SHA1: cf02357d599923cc6f9af03c336926736a17ebe0
SHA256: 6b6769780d991db3107cfc1aaacf8e0793d43965f0cb5f8423c8922b5ec6bcef
SHA512: d91749ff13e3b96b284f9a32e33b5b29a536b908e5e5d1a28b11b4c8ac304ea3bd2680205e8ac0f3fdf13ff30abafc0a2c6d695090ced627b4c2b32c16b792cc
SSDEEP: 1536:SxQq9uu/oEkb1LOVSxM5hm6ImdMKD1GcM:Xqje1iVSxMu4dMU1GF
Score: 3/10
Malware Config

Signatures

Program crash (1 IoC)
pid    pid_target    Process         procid_target
1964   2004          WerFault.exe    28

Suspicious use of WriteProcessMemory (11 IoCs)
description                         pid    Process         procid_target
PID 1992 wrote to memory of 2004    1992   rundll32.exe    28
PID 1992 wrote to memory of 2004    1992   rundll32.exe    28
PID 1992 wrote to memory of 2004    1992   rundll32.exe    28
PID 1992 wrote to memory of 2004    1992   rundll32.exe    28
PID 1992 wrote to memory of 2004    1992   rundll32.exe    28
PID 1992 wrote to memory of 2004    1992   rundll32.exe    28
PID 1992 wrote to memory of 2004    1992   rundll32.exe    28
PID 2004 wrote to memory of 1964    2004   rundll32.exe    29
PID 2004 wrote to memory of 1964    2004   rundll32.exe    29
PID 2004 wrote to memory of 1964    2004   rundll32.exe    29
PID 2004 wrote to memory of 1964    2004   rundll32.exe    29
Processes

C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1568-56-0x00000000002C0000-0x00000000002CD000-memory.dll,#1
    PID: 1992
    Signatures: Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1568-56-0x00000000002C0000-0x00000000002CD000-memory.dll,#1
        PID: 2004
        Signatures: Suspicious use of WriteProcessMemory

        C:\Windows\SysWOW64\WerFault.exe
            Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 196
            PID: 1964
            Signatures: Program crash