Analysis
max time kernel: 27s
max time network: 31s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 06-07-2023 15:06
Behavioral task
behavioral1
Sample
346a686b7328d4exeexeexeex.dll
Resource
win7-20230703-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
346a686b7328d4exeexeexeex.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
2 signatures
150 seconds
General
Target: 346a686b7328d4exeexeexeex.dll
Size: 208KB
MD5: 346a686b7328d4b6f7970b48db45297e
SHA1: c7eff3fc24fdfe59df205c8ba812c4925616d3a3
SHA256: 51de40c31c3436ee5c701985fe44aa92f7d1b097cc86ce2c203e2865de75e99b
SHA512: 80832569f86be5bdaf2dec47f9e4bf95c5fc640438b822776e3842f6926df192c48f6e2b932b181e7aec098e0c51cf8424eb478fe43741d934a4560d265a8e94
SSDEEP: 3072:I+FcIvEbJvYdGVWwk4Kj6olpR2B5f4dS/L4jjZUB55Ow6E:JHEbJAZwBqplpAX/Lmj9bE
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
2132 | 2008 | WerFault.exe | rundll32.exe
Suspicious use of WriteProcessMemory (11 IoCs)
Processes: rundll32.exe, rundll32.exe
description | pid | process | target process
PID 2228 wrote to memory of 2008 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2008 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2008 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2008 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2008 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2008 | 2228 | rundll32.exe | rundll32.exe
PID 2228 wrote to memory of 2008 | 2228 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 2132 | 2008 | rundll32.exe | WerFault.exe
PID 2008 wrote to memory of 2132 | 2008 | rundll32.exe | WerFault.exe
PID 2008 wrote to memory of 2132 | 2008 | rundll32.exe | WerFault.exe
PID 2008 wrote to memory of 2132 | 2008 | rundll32.exe | WerFault.exe
Processes
[depth 1] C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\346a686b7328d4exeexeexeex.dll,#1
  - Suspicious use of WriteProcessMemory
  [depth 2] C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\346a686b7328d4exeexeexeex.dll,#1
    - Suspicious use of WriteProcessMemory
    [depth 3] C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 244
      - Program crash