Analysis
max time kernel: 30s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 26-05-2023 11:38
Behavioral task: behavioral1
Sample: 2040-55-0x00000000001B0000-0x00000000001C3000-memory.dll
Resource: win7-20230220-en (windows7-x64)
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 2040-55-0x00000000001B0000-0x00000000001C3000-memory.dll
Resource: win10v2004-20230221-en (windows10-2004-x64)
1 signatures, 150 seconds
General
Target: 2040-55-0x00000000001B0000-0x00000000001C3000-memory.dll
Size: 76KB
MD5: 2655c80fc73aa500587d35d63e695040
SHA1: dae4ffaeb1c4cecc00ac3acaccde9237070e17a5
SHA256: db69b7f0e7b1fad1f80385fda6e9b2249ca75557b97496ab281a95ea80cab3a4
SHA512: 55d4d56020ee4b3f00b1a460e65b3bafe61437f4295255eb769471b8dfc395b13319427c4aeef6498dd5c7c3390dd967788903fbd2f520047cfc8a819a83af35
SSDEEP: 768:UGysYcthPbMLsPwFuY2RrQI6jRdB53st+1GJ0V0ezPQdDVJb0OTrd4fJDVLOPEBh:UyFML+2YIf5YdDn/qGU1jDiCo
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes:
  pid   pid_target   process        target process
  1976  1964         WerFault.exe   rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                          pid    process        target process
  PID 1964 wrote to memory of 1976     1964   rundll32.exe   WerFault.exe
  PID 1964 wrote to memory of 1976     1964   rundll32.exe   WerFault.exe
  PID 1964 wrote to memory of 1976     1964   rundll32.exe   WerFault.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2040-55-0x00000000001B0000-0x00000000001C3000-memory.dll,#1
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\WerFault.exe
    command line: C:\Windows\system32\WerFault.exe -u -p 1964 -s 56
    - Program crash