Resubmissions
14-06-2023 09:27   230614-leqzdafd84   score 10
14-06-2023 09:08   230614-k3wdbsfc46   score 3
13-06-2023 17:04   230613-vk87kshd62   score 3

Analysis
max time kernel: 154s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2023 17:04
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: borisOutOFControl.dat.dll
  Resource: win7-20230220-en
  2 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: borisOutOFControl.dat.dll
  Resource: win10v2004-20230221-en
  2 signatures, 150 seconds
General
Target: borisOutOFControl.dat.dll
Size: 513KB
MD5: 3b04f228ba4ffab9c470a17ddb5eccef
SHA1: 09668a0fee892222ffa07bbbfc0dc2731d6509c5
SHA256: 53e705c56ff89ab514519a0a8be6727593e754004aff0fec0b58efb5a41c12ac
SHA512: 13a434aec41550f3d91ab0bc272486513c998a4b3dde73caefc5eea83819cce3e6cf47f7cf85c75dec3827ec543590bab0866516bf4ae8a26e1133af29c4e4c5
SSDEEP: 12288:xspsY6tHFBPl7rNu5bZHZ95gjyIaa0Pxg:xspsY6tHFBd7rIl175gjyIl0O
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes:
pid   pid_target   process        target process
828   1180         WerFault.exe   rundll32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
Processes:
description                         pid    process        target process   count
PID 1508 wrote to memory of 1180    1508   rundll32.exe   rundll32.exe     7
PID 1180 wrote to memory of 828     1180   rundll32.exe   WerFault.exe     4
Processes
C:\Windows\system32\rundll32.exe  (PID 1508)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\borisOutOFControl.dat.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe  (PID 1180)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\borisOutOFControl.dat.dll,#1
      signatures: Suspicious use of WriteProcessMemory
      └ C:\Windows\SysWOW64\WerFault.exe  (PID 828)
          command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 224
          signatures: Program crash
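The tree above is the whole story of this run: the 64-bit rundll32.exe in System32 was handed a 32-bit DLL, so it re-launched the 32-bit rundll32.exe from SysWOW64 with the same command line (standard rundll32 behaviour, not a technique of the sample), that child crashed while loading or calling export ordinal #1, and Windows Error Reporting started WerFault.exe -p 1180 for it. Both groups of WriteProcessMemory IoCs are a parent writing into a child it has just created, which CreateProcess always does; they are not evidence of injection into an unrelated process. The script below is an added example, not part of the report or of the sandbox's tooling: it rebuilds the process tree from records constructed from the report's values, detects the x64-to-WOW64 rundll32 re-host, maps WerFault instances to the crashed pid, and separates parent-to-own-child writes from writes that would deserve a closer look. Field names and the record layout are assumptions for this example.

```python
"""Triage a Triage-style process tree and WriteProcessMemory IoCs.

Added example; not the report's or the sandbox's own code.  All input
below is constructed from the values visible in the report.
"""
import re
from collections import defaultdict

# Constructed from the report: (pid, parent pid, image path, command line)
PROCESSES = [
    (1508, None, r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\borisOutOFControl.dat.dll,#1"),
    (1180, 1508, r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\borisOutOFControl.dat.dll,#1"),
    (828, 1180, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 224"),
]

# Constructed from the WriteProcessMemory table: (source pid, target pid),
# one tuple per IoC (7 + 4 = 11).
WRITES = [(1508, 1180)] * 7 + [(1180, 828)] * 4

WERFAULT_RE = re.compile(r"WerFault\.exe\s.*-p\s+(\d+)", re.IGNORECASE)


def build_tree(processes):
    """Return (pid -> record, parent pid -> [child pids])."""
    info, children = {}, defaultdict(list)
    for pid, ppid, image, cmdline in processes:
        info[pid] = {"ppid": ppid, "image": image, "cmdline": cmdline}
        if ppid is not None:
            children[ppid].append(pid)
    return info, children


def image_arch(image):
    """On a 64-bit Windows host, System32 holds x64 and SysWOW64 holds x86 binaries."""
    low = image.lower()
    if "\\syswow64\\" in low:
        return "x86"
    if "\\system32\\" in low:
        return "x64"
    return "unknown"


def find_wow64_rehost(info, children):
    """Flag x64 rundll32 spawning x86 rundll32 with the same DLL,entry argument."""
    hits = []
    for ppid, kids in children.items():
        parent = info[ppid]
        if not parent["image"].lower().endswith("rundll32.exe"):
            continue
        parent_args = parent["cmdline"].split(" ", 1)[-1]
        for cpid in kids:
            child = info[cpid]
            if (child["image"].lower().endswith("rundll32.exe")
                    and image_arch(parent["image"]) == "x64"
                    and image_arch(child["image"]) == "x86"
                    and child["cmdline"].split(" ", 1)[-1] == parent_args):
                hits.append((ppid, cpid))
    return hits


def find_crashes(info):
    """Map the pid named in 'WerFault.exe ... -p <pid>' to the WerFault pid."""
    crashed = {}
    for pid, rec in info.items():
        m = WERFAULT_RE.search(rec["cmdline"])
        if m:
            crashed[int(m.group(1))] = pid
    return crashed


def classify_writes(writes, info):
    """Parent writing into its own direct child is expected at CreateProcess;
    anything else is the kind of write that can indicate injection."""
    expected, other = [], []
    for src, dst in writes:
        (expected if info.get(dst, {}).get("ppid") == src else other).append((src, dst))
    return expected, other


def summarize(processes=PROCESSES, writes=WRITES):
    info, children = build_tree(processes)
    expected, other = classify_writes(writes, info)
    return {
        "wow64_rehost": find_wow64_rehost(info, children),
        "crashes": find_crashes(info),
        "expected_writes": len(expected),
        "other_writes": len(other),
    }


if __name__ == "__main__":
    print(summarize())
```

Run as-is it reports one re-host (1508 -> 1180), one crash (pid 1180 handled by WerFault pid 828), eleven expected writes and no others, which is consistent with the 3/10 score: the DLL was loaded by the wrong-bitness host, re-hosted, and then faulted before doing anything observable. Feed `classify_writes` a write whose target is not the writer's child (for instance 1508 -> 828) and it lands in the "other" bucket.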