Analysis

  max time kernel:   84s
  max time network:  146s
  platform:          windows10-2004_x64
  resource:          win10v2004-20230220-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         31/03/2023, 08:28
Static task
  static1

Behavioral tasks (sample / resource)
  behavioral1  GPUPI-CLI.exe    win7-20230220-en
  behavioral2  GPUPI-CLI.exe    win10v2004-20230220-en
  behavioral3  GPUPI.exe        win7-20230220-en
  behavioral4  GPUPI.exe        win10v2004-20230220-en
  behavioral5  HWiNFO32.dll     win7-20230220-en
  behavioral6  HWiNFO32.dll     win10v2004-20230220-en
  behavioral7  cudart32_65.dll  win7-20230220-en
  behavioral8  cudart32_65.dll  win10v2004-20230220-en
General

  Target:  cudart32_65.dll
  Size:    242KB
  MD5:     2a7669f5dcb6f46500ad8f2df512dfe2
  SHA1:    a925d88329d259a22ea0d1577356acc5de1a2092
  SHA256:  a4b7f6f645d1607a44735f4c2393dbae3b47dc197c31ac66203d8ef53315c0da
  SHA512:  dc97e2ec04444a3f648c7fa5547158aa1e1e8189847dd45cd1a342c522c3082428af2b6a53c0b1902d2d59a369d445355dea539623601b1a9df2d58b660caf87
  SSDEEP:  3072:iil1y7afcuydPUBUobwvCKsiHfkeJHSydZ:t1y7IctdPUb8v33/ke
Malware Config
  (none)

Signatures

  Program crash (1 IoC)
    pid   pid_target  Process       procid_target
    1456  1008        WerFault.exe  85

  Suspicious use of WriteProcessMemory (3 IoCs)
    description                         pid   Process       procid_target
    PID 2516 wrote to memory of 1008    2516  rundll32.exe  85
    PID 2516 wrote to memory of 1008    2516  rundll32.exe  85
    PID 2516 wrote to memory of 1008    2516  rundll32.exe  85
Processes

  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\cudart32_65.dll,#1
    PID: 2516
    signature: Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\rundll32.exe
        command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\cudart32_65.dll,#1
        PID: 1008
          C:\Windows\SysWOW64\WerFault.exe
            command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 600
            PID: 1456
            signature: Program crash

  C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1008 -ip 1008
    PID: 4532