Analysis
-
max time kernel
31s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system -
submitted
07-06-2023 19:36
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3d696100adab4005b28c06b231ab5096c999420794d39bb83f824a144ee11a81.dll
Resource
win7-20230220-en
2 signatures
150 seconds
General
-
Target
3d696100adab4005b28c06b231ab5096c999420794d39bb83f824a144ee11a81.dll
-
Size
458KB
-
MD5
0c1fc94f8650dd40505cc6b1a820a074
-
SHA1
5c6a4f0967826c9ac7ba0b12995a4f65d5221af6
-
SHA256
3d696100adab4005b28c06b231ab5096c999420794d39bb83f824a144ee11a81
-
SHA512
bc1ceb92aefa17279c08376fd9933ee462a80649cefab84c4e6293f6d36488cbd7f004ac72be642d909d50c644d8cb4d38cac151566531a936ec3a4cac8247d5
-
SSDEEP
12288:1BBzPfDyNMCLzaf1jhk6rOB4VzW9PXNYL5FHnKaWl5N26fw:lfeNMCn0j5rjI1NO51SI6Y
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2012 | 2028 | WerFault.exe | rundll32.exe -
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
rundll32.exe, rundll32.exe
description | pid | process | target process | count
PID 1084 wrote to memory of 2028 | 1084 | rundll32.exe | rundll32.exe | 7
PID 2028 wrote to memory of 2012 | 2028 | rundll32.exe | WerFault.exe | 4
(11 events in total: the x64 rundll32.exe parent writing into the SysWOW64 rundll32.exe child it launched, and that child writing into the WerFault.exe it spawned after crashing.)
Processes
-
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d696100adab4005b28c06b231ab5096c999420794d39bb83f824a144ee11a81.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1084
  - C:\Windows\SysWOW64\rundll32.exe (child of 1084)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d696100adab4005b28c06b231ab5096c999420794d39bb83f824a144ee11a81.dll,#1
    - Suspicious use of WriteProcessMemory
    PID:2028
    - C:\Windows\SysWOW64\WerFault.exe (child of 2028)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 224
      - Program crash
      PID:2012
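The two WriteProcessMemory pairs above both follow the process tree: the x64 rundll32.exe writes into the SysWOW64 rundll32.exe it spawned (what rundll32 does when handed a 32-bit DLL), and the crashing 32-bit rundll32.exe writes into the WerFault.exe it launched. A parent writing into a child it has just created is the normal CreateProcess launch path, so on its own this signature does not indicate injection into a foreign process. The script below is an added example, not part of the report or of the sandbox's own tooling: it takes the IoC rows and parent links from this report (constructed here as Python tuples), collapses the 11 events into per-pair counts, and separates launch-chain writes from writes into processes the writer did not spawn. The final counter-example, rundll32.exe (2028) writing into an explorer.exe with PID 1500, is constructed and does not occur in this report.

```python
"""Triage helper for sandbox 'Suspicious use of WriteProcessMemory' IoCs.

Separates writes that follow the process tree (parent -> the child it
spawned, i.e. the CreateProcess launch path) from writes into unrelated
processes, which are the ones worth treating as injection candidates.
"""
from collections import Counter

# Constructed from the report's IoC table: (writer_pid, writer_image,
# target_pid, target_image). Seven parent->child writes, four child->WerFault.
REPORT_EVENTS = (
    [(1084, "rundll32.exe", 2028, "rundll32.exe")] * 7
    + [(2028, "rundll32.exe", 2012, "WerFault.exe")] * 4
)

# Parent links read off the report's process tree (child_pid -> parent_pid).
REPORT_PARENTS = {2028: 1084, 2012: 2028}


def count_writes(events):
    """Collapse repeated IoC rows into {(writer_pid, target_pid): count}."""
    return dict(Counter((w, t) for w, _, t, _ in events))


def classify_writes(events, parents):
    """One row per writer/target pair with a verdict.

    'launch-chain': the target's recorded parent is the writer, so the
    writes are consistent with the parent setting up a child it created.
    'cross-process': the writer is not the target's parent; the target was
    already running independently, which is the injection-shaped pattern.
    Note that a parent can still hollow its own child, so 'launch-chain'
    is a noise filter, not a clean bill of health.
    """
    images = {}
    for w, wi, t, ti in events:
        images[w] = wi
        images[t] = ti
    rows = []
    for (w, t), n in sorted(count_writes(events).items()):
        verdict = "launch-chain" if parents.get(t) == w else "cross-process"
        rows.append({
            "writer": f"{images[w]} ({w})",
            "target": f"{images[t]} ({t})",
            "writes": n,
            "verdict": verdict,
        })
    return rows


def suspicious(events, parents):
    """Only the rows an analyst should actually look at."""
    return [r for r in classify_writes(events, parents)
            if r["verdict"] == "cross-process"]


if __name__ == "__main__":
    for row in classify_writes(REPORT_EVENTS, REPORT_PARENTS):
        print(row)
    # Constructed counter-example (not in the report): a write into a
    # process the writer did not spawn is flagged, the report's rows are not.
    injected = REPORT_EVENTS + [(2028, "rundll32.exe", 1500, "explorer.exe")]
    print(suspicious(injected, REPORT_PARENTS))
```

Run against the report's own events, every pair comes back as launch-chain, which matches the low score; the only way to get a cross-process hit is to add the constructed explorer.exe write. When applying this to other reports, feed it the sandbox's process tree rather than guessing parents from image names, since the verdict depends entirely on that link.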