Analysis

max time kernel: 117s
max time network: 120s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 30-07-2023 21:25
Behavioral task: behavioral1
Sample: 2916-199-0x000007FEF5170000-0x000007FEF5BA9000-memory.dll
Resource: win7-20230712-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 2916-199-0x000007FEF5170000-0x000007FEF5BA9000-memory.dll
Resource: win10v2004-20230703-en
1 signature
150 seconds
General

Target: 2916-199-0x000007FEF5170000-0x000007FEF5BA9000-memory.dll
Size: 10.2MB
MD5: 5f5ee6867f7204a1e5ada81e53b21b3d
SHA1: 31b90acf2828d68595bcbb5b9e3db5724ee0dbdf
SHA256: 6595f03e765bfc2db87b6a8e7123acaefd37d1d0e6adfc046f634b2a4ce878be
SHA512: 0256d606276a592fcc2e584b8754f8138e8ba25113cd005e1c29533d66689406f459c0cfe26874b24ba1a1c6dd41cdeedb8ba849ec8e30c944ccb1eb709f7ced
SSDEEP: 196608:/ulYC7DBWNBF5NGeYxcGGWlqs135BTOnlEvLphJKYaoMK0FX1:/ul9pWD9nrGGiqs1JMuLJjMK2l
Score: 3/10
Malware Config
Signatures

- Program crash (1 IoC)
  Processes:
  pid    pid_target    process         target process
  1904   2192          WerFault.exe    rundll32.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                          pid    process         target process
  PID 2192 wrote to memory of 1904     2192   rundll32.exe    WerFault.exe
  PID 2192 wrote to memory of 1904     2192   rundll32.exe    WerFault.exe
  PID 2192 wrote to memory of 1904     2192   rundll32.exe    WerFault.exe
Processes

- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2916-199-0x000007FEF5170000-0x000007FEF5BA9000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2192 -s 56
    - Program crash