Analysis

max time kernel: 119s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-04-2023 09:15

Static task: static1
Behavioral task: behavioral1
Sample: 37887c9dce52b5f8926515cd07e14319.dll
Resource: win7-20230220-en (windows7-x64)
2 signatures
150 seconds
General

Target: 37887c9dce52b5f8926515cd07e14319.dll
Size: 1.5MB
MD5: 37887c9dce52b5f8926515cd07e14319
SHA1: 4d2e946233a43d028cde5b9f4a5dd032eb44b2c7
SHA256: 5bd7522d5fc9974eec5366697ee99480abb6910302d0250838022d6758024fa8
SHA512: 67e066d701b35ec1f60b5b4175f0fddb84ebf28ed243d1a4b83b5d50e861ae5876b6f451e5d3bc890dde36c4c267df2836dc6f3788ffcfc260c14f72392fb188
SSDEEP: 24576:f73hUyP/uQ00lVmJLWr6pOvcZwMgr3GRsFmAFjbc9IiLR7s9XP65HvefXN2wD:VUyWSZ6kUZeGRCjYI2R7If6e1
Malware Config

Signatures

Program crash (1 IoC)
Processes:
  pid   pid_target   process        target process
  4288  2704         WerFault.exe   rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid    process        target process
  PID 1872 wrote to memory of 2704   1872   rundll32.exe   rundll32.exe
  PID 1872 wrote to memory of 2704   1872   rundll32.exe   rundll32.exe
  PID 1872 wrote to memory of 2704   1872   rundll32.exe   rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37887c9dce52b5f8926515cd07e14319.dll,#1
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\37887c9dce52b5f8926515cd07e14319.dll,#1
        C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 572
          - Program crash

C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2704 -ip 2704