Analysis
max time kernel: 98s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20230221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-03-2023 22:02
Static task: static1
Behavioral task: behavioral1
  Sample: 2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f.dll
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f.dll
  Resource: win10v2004-20230221-en
General
Target: 2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f.dll
Size: 4.1MB
MD5: b6c11e61d991c6c2763a5e231b91c359
SHA1: ed47178039a1326354ca9db5b809cafd2a1488a6
SHA256: 2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f
SHA512: eeea6ee0c8ef774d964df09e30c1414a941797470f54ff3c5a1346c0d49421e179ff42417bae563a9af82943c6e3b534748cff4bd1162a07c94beb210e0fcac8
SSDEEP: 98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIrC:fv1GGE5gyjovK65E8oqe
Malware Config
Signatures
Program crash (1 IoC)
Processes: WerFault.exe
  pid 4140 | pid_target 2608 | process WerFault.exe | target process rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
  description: PID 3136 wrote to memory of 2608 | pid 3136 | process rundll32.exe | target process rundll32.exe
  description: PID 3136 wrote to memory of 2608 | pid 3136 | process rundll32.exe | target process rundll32.exe
  description: PID 3136 wrote to memory of 2608 | pid 3136 | process rundll32.exe | target process rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f.dll,#1
  signature: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2631d5bfd4b0343d3cc43e7c2fee20e7c8c866a88361085885fb5917d289ed6f.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      command: C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 688
      signature: Program crash
C:\Windows\SysWOW64\WerFault.exe
  command: C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2608 -ip 2608