Analysis
-
max time kernel
87s -
max time network
89s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system -
submitted
25-03-2023 10:08
Static task
static1
Behavioral task
behavioral1
Sample
ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371.dll
Resource
win10v2004-20230220-en
General
-
Target
ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371.dll
-
Size
4.0MB
-
MD5
f35e56145d1fae7380b41840e9da7a06
-
SHA1
a47056baee5ffab514e1e0bd9dac9dad7e52fa77
-
SHA256
ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371
-
SHA512
c8984e6aadd338c67d4323a15460ada8aa41be57007829cfd5269e43881a3a8412026ec84491512fb675954bd137a908188ddb0062a41f982017fed4466311e5
-
SSDEEP
98304:fBHB2pne7a1mN1E8lkcf5YjovKqGYiOE8oLj5jIJ:fv1GGE5gyjovK65E8oqJ
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 4372, pid_target: 2704, process: WerFault.exe, target process: rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description: PID 3888 wrote to memory of 2704, pid: 3888, process: rundll32.exe, target process: rundll32.exe
description: PID 3888 wrote to memory of 2704, pid: 3888, process: rundll32.exe, target process: rundll32.exe
description: PID 3888 wrote to memory of 2704, pid: 3888, process: rundll32.exe, target process: rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecb7addda3c8aa314703c7f0270e33adf16908236eb22f57e290fc5e5cad8371.dll,#1
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 688
- Program crash
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2704 -ip 2704