Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system -
submitted
09-08-2023 09:16
Behavioral task
behavioral1
Sample
1964-56-0x000007FEF4D70000-0x000007FEF573A000-memory.dll
Resource
win7-20230712-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1964-56-0x000007FEF4D70000-0x000007FEF573A000-memory.dll
Resource
win10v2004-20230703-en
1 signatures
150 seconds
General
-
Target
1964-56-0x000007FEF4D70000-0x000007FEF573A000-memory.dll
-
Size
9.8MB
-
MD5
2297e7609ce45dd879574db6f658dda4
-
SHA1
7034d4bb83cbe50601dfb246d15d7c8468ec2637
-
SHA256
9a12bfd6f617457c8995c282adc9347b435a5cb9b3ba100de4b9dfee582cbda7
-
SHA512
08f4215b6a62c4e84a146c1b1ef9a097b05712ea5a381eca212f6e92f1829d4a3b1306d97642602bc17b07bcafe7dbfc1e4b9430138228c28215b95a64b8ba36
-
SSDEEP
196608:jc5jf78ygZjpyEH1IVKap9lQ5jbkawGJvrui5VWUDLKUe+yN5B1X9G:jQ0J5eBp9lQRrvbNXZetV1X9
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | Process | procid_target
1700 | 2104 | WerFault.exe | 27
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | Process | procid_target
PID 2104 wrote to memory of 1700 | 2104 | rundll32.exe | 28
PID 2104 wrote to memory of 1700 | 2104 | rundll32.exe | 28
PID 2104 wrote to memory of 1700 | 2104 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-56-0x000007FEF4D70000-0x000007FEF573A000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2104 -
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2104 -s 562⤵
- Program crash
PID:1700
-