Analysis
max time kernel
55s
max time network
74s
platform
windows10-1703_x64
resource
win10-20230621-ja
resource tags
arch:x64 arch:x86 image:win10-20230621-ja locale:ja-jp os:windows10-1703-x64 system windows
submitted
27-06-2023 06:46
Behavioral task
behavioral1
Sample
bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99.dll
Resource
win7-20230621-ja
Behavioral task
behavioral2
Sample
bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99.dll
Resource
win10-20230621-ja
Behavioral task
behavioral3
Sample
bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99.dll
Resource
win10v2004-20230621-ja
General
Target
bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99.dll
Size
5.5MB
MD5
3b4f6af5893f9aafb1f17c9dfb1e532b
SHA1
98174a940d2920768ebe21844bc3aa0c4917e6d3
SHA256
bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99
SHA512
38f17d96542af89f1058e87f55b875c1969c5c3580e739d9e32ec6d8b41d50d8f348f40778382db906f1164fc3062878d187df5623d5de08ecbb276aa0515672
SSDEEP
49152:Z/L42JErM38FaXp7F3TcT//lR8dnGaTz2aj/jVf:33RXjjcT//AGaTpf
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
4336 | 3092 | WerFault.exe | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4408 wrote to memory of 3092 | 4408 | rundll32.exe | rundll32.exe
PID 4408 wrote to memory of 3092 | 4408 | rundll32.exe | rundll32.exe
PID 4408 wrote to memory of 3092 | 4408 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99.dll,#1
- Suspicious use of WriteProcessMemory
PID:4408
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad79d51ba6bc06e7017d949ca9cb5ef1e65536066aec38ec372b9f8e225fa99.dll,#1
    PID:3092
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 616
        - Program crash
        PID:4336