Analysis
max time kernel: 30s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 07-05-2023 09:06
Static task: static1
Behavioral task | Sample | Resource
behavioral1 | ASSAILED/HORATIAN.dll | win7-20230220-en
behavioral2 | ASSAILED/HORATIAN.dll | win10v2004-20230220-en
behavioral3 | ASSAILED/UNFIBBED.cmd | win7-20230220-en
behavioral4 | ASSAILED/UNFIBBED.cmd | win10v2004-20230220-en
behavioral5 | PHIMOSES.lnk | win7-20230220-en
behavioral6 | PHIMOSES.lnk | win10v2004-20230220-en
General
Target: ASSAILED/HORATIAN.dll
Size: 1.0MB
MD5: a146dac7b641fff2c5c3c0cf320731aa
SHA1: 0b21a4b04e79565e26e4236772d4605fc39862e7
SHA256: 95ad74c1dff5293c49c955a4e77c17e6912c7b8d1fc8f5f4c6f05ac77a56a9ab
SHA512: 9fa32a0d1128c90b27c31080a767b6f5c34638a436c5573af9a990acab2973b7f93116509ffd4519e0a56572d2f1640f8c7dad9310153ca7c06a752ab95f9b19
SSDEEP: 24576:x7Vt9qfawrN27U1izzZaRbfp81L/Wm/nd6WrrUU9fQT:1BqfSU14Zadq1L/cWrrHfQ
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1692 | 2040 | WerFault.exe | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2040 wrote to memory of 1692 | 2040 | rundll32.exe | WerFault.exe
PID 2040 wrote to memory of 1692 | 2040 | rundll32.exe | WerFault.exe
PID 2040 wrote to memory of 1692 | 2040 | rundll32.exe | WerFault.exe