Analysis
- max time kernel: 119s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 08-08-2023 10:20
Behavioral task: behavioral1
- Sample: 2148-55-0x000007FEF54E0000-0x000007FEF5F64000-memory.dll
- Resource: win7-20230712-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 2148-55-0x000007FEF54E0000-0x000007FEF5F64000-memory.dll
- Resource: win10v2004-20230703-en
- 1 signatures
- 150 seconds
General
- Target: 2148-55-0x000007FEF54E0000-0x000007FEF5F64000-memory.dll
- Size: 10.5MB
- MD5: f851a2ea7081551187eb57ea90d20b41
- SHA1: 8a294038f8fbba60bd3271fbdea73d68277b9070
- SHA256: 0afeeac1c962ac4fedd58f2bd9ba5b8a99e2befede29d89405651c7373a58144
- SHA512: aa9f79a240918b71381e7400d87bd8b9c17cf0c6fba30e6d863f6590a03ea09b516a80bbf75d7a66080e44d2475916146517ec5723bbdbafb1c00f75d8623aab
- SSDEEP: 196608:Mi/k/zAId/X7MN4HhXkBumcyJ6O3LdCgPrSket8QDDmc6I:D/kbAMvQN4B+hcyEcLdCguJt8aDUI
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe

  | pid | pid_target | Process | procid_target |
  |---|---|---|---|
  | 2304 | 2924 | WerFault.exe | 27 |

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  | description | pid | Process | procid_target |
  |---|---|---|---|
  | PID 2924 wrote to memory of 2304 | 2924 | rundll32.exe | 28 |
  | PID 2924 wrote to memory of 2304 | 2924 | rundll32.exe | 28 |
  | PID 2924 wrote to memory of 2304 | 2924 | rundll32.exe | 28 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2148-55-0x000007FEF54E0000-0x000007FEF5F64000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2924
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 2924 -s 56
    - Program crash
    PID: 2304