Analysis
max time kernel: 112s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/03/2023, 07:28
Behavioral task: behavioral1
Sample: 1568-56-0x00000000002C0000-0x00000000002CD000-memory.dll
Resource: win7-20230220-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 1568-56-0x00000000002C0000-0x00000000002CD000-memory.dll
Resource: win10v2004-20230220-en
2 signatures
150 seconds
General
Target: 1568-56-0x00000000002C0000-0x00000000002CD000-memory.dll
Size: 52KB
MD5: a3f1814b58af952b92a808c696838b5e
SHA1: cf02357d599923cc6f9af03c336926736a17ebe0
SHA256: 6b6769780d991db3107cfc1aaacf8e0793d43965f0cb5f8423c8922b5ec6bcef
SHA512: d91749ff13e3b96b284f9a32e33b5b29a536b908e5e5d1a28b11b4c8ac304ea3bd2680205e8ac0f3fdf13ff30abafc0a2c6d695090ced627b4c2b32c16b792cc
SSDEEP: 1536:SxQq9uu/oEkb1LOVSxM5hm6ImdMKD1GcM:Xqje1iVSxMu4dMU1GF
Score: 3/10
Malware Config
Signatures

Program crash, 1 IoCs
  pid   pid_target  Process       procid_target
  3968  3560        WerFault.exe  85

Suspicious use of WriteProcessMemory, 3 IoCs
  description                       pid   Process       procid_target
  PID 4668 wrote to memory of 3560  4668  rundll32.exe  85
  PID 4668 wrote to memory of 3560  4668  rundll32.exe  85
  PID 4668 wrote to memory of 3560  4668  rundll32.exe  85
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1568-56-0x00000000002C0000-0x00000000002CD000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4668

  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1568-56-0x00000000002C0000-0x00000000002CD000-memory.dll,#1
    PID: 3560

    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 560
      - Program crash
      PID: 3968

C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3560 -ip 3560
  PID: 4688