Analysis
- max time kernel: 121s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 05-08-2023 00:41
Behavioral task: behavioral1
- Sample: 2492-55-0x000007FEF5410000-0x000007FEF5E67000-memory.dll
- Resource: win7-20230712-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 2492-55-0x000007FEF5410000-0x000007FEF5E67000-memory.dll
- Resource: win10v2004-20230703-en
- 1 signatures
- 150 seconds
General
- Target: 2492-55-0x000007FEF5410000-0x000007FEF5E67000-memory.dll
- Size: 10.3MB
- MD5: 697ff266cdddfe7de7f4266ab61a2760
- SHA1: 9c842cf782ece85310b9f8b9c9f008048ba7a84c
- SHA256: 44572ce1bc7fcb986e99f8da949dad18a8ec3dd4a5b5b264b757222e899ea3b3
- SHA512: c2b2eecd72fd48e5388bc7e0b22deb997874f76a24e512750f2ed2a67520114940680caf6e3557a15214d9b7b32643cc4e4ffc98358165666ad39dbe0b14fccc
- SSDEEP: 196608:0yRMCKjiYqWJ0ny3vo6SDKStQ72pPVA6L+DsqwiBsuaz:0y6C1Y9J0aSDlqShy/Ds8
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 2592, pid_target: 1988, process: WerFault.exe, target process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description: PID 1988 wrote to memory of 2592, pid: 1988, process: rundll32.exe, target process: WerFault.exe
  description: PID 1988 wrote to memory of 2592, pid: 1988, process: rundll32.exe, target process: WerFault.exe
  description: PID 1988 wrote to memory of 2592, pid: 1988, process: rundll32.exe, target process: WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2492-55-0x000007FEF5410000-0x000007FEF5E67000-memory.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1988 -s 562⤵
  - Program crash