Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted: 31/03/2023, 08:28
Static task
static1
Behavioral tasks
Task         Sample           Resource
behavioral1  GPUPI-CLI.exe    win7-20230220-en
behavioral2  GPUPI-CLI.exe    win10v2004-20230220-en
behavioral3  GPUPI.exe        win7-20230220-en
behavioral4  GPUPI.exe        win10v2004-20230220-en
behavioral5  HWiNFO32.dll     win7-20230220-en
behavioral6  HWiNFO32.dll     win10v2004-20230220-en
behavioral7  cudart32_65.dll  win7-20230220-en
behavioral8  cudart32_65.dll  win10v2004-20230220-en
General
Target: cudart32_65.dll
Size: 242KB
MD5: 2a7669f5dcb6f46500ad8f2df512dfe2
SHA1: a925d88329d259a22ea0d1577356acc5de1a2092
SHA256: a4b7f6f645d1607a44735f4c2393dbae3b47dc197c31ac66203d8ef53315c0da
SHA512: dc97e2ec04444a3f648c7fa5547158aa1e1e8189847dd45cd1a342c522c3082428af2b6a53c0b1902d2d59a369d445355dea539623601b1a9df2d58b660caf87
SSDEEP: 3072:iil1y7afcuydPUBUobwvCKsiHfkeJHSydZ:t1y7IctdPUb8v33/ke
Malware Config
Signatures
Program crash (1 IoCs)
pid   pid_target  Process       procid_target
1980  1696        WerFault.exe  28
Suspicious use of WriteProcessMemory (11 IoCs)
description                       pid   Process       procid_target
PID 2020 wrote to memory of 1696  2020  rundll32.exe  28
PID 2020 wrote to memory of 1696  2020  rundll32.exe  28
PID 2020 wrote to memory of 1696  2020  rundll32.exe  28
PID 2020 wrote to memory of 1696  2020  rundll32.exe  28
PID 2020 wrote to memory of 1696  2020  rundll32.exe  28
PID 2020 wrote to memory of 1696  2020  rundll32.exe  28
PID 2020 wrote to memory of 1696  2020  rundll32.exe  28
PID 1696 wrote to memory of 1980  1696  rundll32.exe  29
PID 1696 wrote to memory of 1980  1696  rundll32.exe  29
PID 1696 wrote to memory of 1980  1696  rundll32.exe  29
PID 1696 wrote to memory of 1980  1696  rundll32.exe  29
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cudart32_65.dll,#1
- Suspicious use of WriteProcessMemory
PID:2020
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cudart32_65.dll,#1
    - Suspicious use of WriteProcessMemory
    PID:1696
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 224
        - Program crash
        PID:1980