Analysis
- max time kernel: 91s
- max time network: 117s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-07-2023 19:29
Behavioral task
behavioral1
Sample
0d16117dc34736exe_JC.dll
Resource
win7-20230712-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
0d16117dc34736exe_JC.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
2 signatures
150 seconds
General
- Target: 0d16117dc34736exe_JC.dll
- Size: 204KB
- MD5: 0d16117dc3473639a44f41f0d102e7dd
- SHA1: 572a3a160517041c8129f94d4dcfc13b8a370286
- SHA256: 1b3a761811d7964837c17ee3e764de45185ec1d0d8dc92049ee086174de6181f
- SHA512: d3b4ab1557a6824ceb037f5032518ecd5cfa6c51a9b2e8144da45d2a48f95230b9e87dc3d93cef2a3287f29c7648adb48c01c8b16460921d5e8d37e970664ebf
- SSDEEP: 3072:5dFna2JSkcrnYSdM50RAXSPy0qUiS0Lxh5H4evyzUhjQUF5A:FRYkcrY4MCIt07iPlvU0j
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe

  | pid | pid_target | process | target process |
  | --- | --- | --- | --- |
  | 4168 | 2108 | WerFault.exe | rundll32.exe |

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 232 wrote to memory of 2108 | 232 | rundll32.exe | rundll32.exe |
  | PID 232 wrote to memory of 2108 | 232 | rundll32.exe | rundll32.exe |
  | PID 232 wrote to memory of 2108 | 232 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d16117dc34736exe_JC.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d16117dc34736exe_JC.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 632
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2108 -ip 2108