Analysis

max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 02-09-2023 23:33
Behavioral task: behavioral1
Sample: 5ab2225e0536322e4262cd2f28a3e664bd73a32b8e5f2fd8b1cfd23bd2346b1e.dll
Resource: win7-20230831-en
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 5ab2225e0536322e4262cd2f28a3e664bd73a32b8e5f2fd8b1cfd23bd2346b1e.dll
Resource: win10v2004-20230831-en
2 signatures, 150 seconds
General

Target: 5ab2225e0536322e4262cd2f28a3e664bd73a32b8e5f2fd8b1cfd23bd2346b1e.dll
Size: 208KB
MD5: be7e9cff9226cc7cec40e118c3fb24d4
SHA1: eb67d0a88bca6354e6ffb26aebd877569bb118e7
SHA256: 5ab2225e0536322e4262cd2f28a3e664bd73a32b8e5f2fd8b1cfd23bd2346b1e
SHA512: 1f86e22509bc979630b567551fddeecadf2369b8dddbb07e6fa09b5656940fc0afc3f5b5096394dd7ee37664d8274ae74805a03c8657baf724a671aacecc0e98
SSDEEP: 3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUyY5a:LIDff9D8C6XYRw6MT2DEj

Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)

  pid   pid_target  process       target process
  1292  2072        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (11 IoCs)

  description                         pid   process       target process   occurrences
  PID 1596 wrote to memory of 2072    1596  rundll32.exe  rundll32.exe     7
  PID 2072 wrote to memory of 1292    2072  rundll32.exe  WerFault.exe     4

Both write pairs follow the process tree: 1596 (the 64-bit rundll32.exe) writes into 2072 (the SysWOW64 rundll32.exe it launched), and 2072 writes into 1292 (the WerFault.exe that handled its crash). Writes from a parent into a child it has just created are what process creation itself produces, and the sandbox counts them under this signature; nothing here shows a write into an unrelated process. Note also that the 32-bit rundll32.exe crashed shortly after being handed the DLL, so the low score reflects a run in which the sample's export did not get far, not evidence that the DLL is benign; a crash at entry commonly means a missing argument, host process or dependency rather than an absence of malicious code.
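The lineage check described above, written out as an added example (not part of the report or of the sandbox's own tooling): it parses the flattened WriteProcessMemory rows exactly as they appear in the report, groups them by writer and target, and labels each pair as a parent-into-child write (consistent with process creation) or a write into a process outside the writer's lineage (an injection candidate). The parent-of map is an assumption reconstructed from the process tree nesting and WerFault's "-p 2072" argument; the explorer.exe row is a hypothetical addition, not in the report, included only to show how a non-lineage write is flagged.

```python
import re
from collections import Counter

# Constructed input: the eleven WriteProcessMemory IoC rows as the report
# flattens them (7 rows 1596 -> 2072, 4 rows 2072 -> 1292).
REPORT_ROWS = (
    "PID 1596 wrote to memory of 2072 1596 rundll32.exe rundll32.exe " * 7
    + "PID 2072 wrote to memory of 1292 2072 rundll32.exe WerFault.exe " * 4
)
# Hypothetical row, NOT in the report: a write into a process that is not a
# child of the writer, used only to exercise the "injection candidate" path.
HYPOTHETICAL_ROW = "PID 2072 wrote to memory of 1000 2072 rundll32.exe explorer.exe "

# Assumed parent-of map: 1596 (system32 rundll32) launched 2072 (SysWOW64
# rundll32), which crashed and was handled by 1292 (WerFault -p 2072).
PARENT_OF = {2072: 1596, 1292: 2072}

# Row layout: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def parse_events(flat):
    """Return a list of (src_pid, dst_pid, src_image, dst_image) tuples."""
    return [(int(s), int(d), si, di) for s, d, si, di in EVENT_RE.findall(flat)]


def classify(events, parent_of):
    """Collapse identical rows and label each (writer, target) pair.

    A write whose target is the writer's direct child is what CreateProcess
    produces while setting up the new process; any other target is a genuine
    cross-process write and deserves a closer look.
    """
    counts = Counter(events)
    rows = []
    for (s, d, si, di), n in sorted(counts.items()):
        lineage = parent_of.get(d) == s
        rows.append({
            "src": s, "dst": d, "src_image": si, "dst_image": di, "count": n,
            "lineage": lineage,
            "verdict": "parent->child (process creation)" if lineage
                       else "non-lineage write (injection candidate)",
        })
    return rows


def crashed_pid(werfault_cmdline):
    """Return the PID named by WerFault's -p switch, or None if absent."""
    m = re.search(r"-p\s+(\d+)", werfault_cmdline)
    return int(m.group(1)) if m else None


def summarize(flat, parent_of):
    """Totals plus the subset of pairs that fall outside the process lineage."""
    rows = classify(parse_events(flat), parent_of)
    return {
        "total_iocs": sum(r["count"] for r in rows),
        "suspicious": [r for r in rows if not r["lineage"]],
        "rows": rows,
    }


if __name__ == "__main__":
    for label, text in (("report", REPORT_ROWS),
                        ("report + hypothetical", REPORT_ROWS + HYPOTHETICAL_ROW)):
        s = summarize(text, PARENT_OF)
        print(f"{label}: {s['total_iocs']} IoCs, {len(s['suspicious'])} suspicious pair(s)")
        for r in s["rows"]:
            print(f"  {r['src']} {r['src_image']} -> {r['dst']} {r['dst_image']}"
                  f" x{r['count']}: {r['verdict']}")
    print("crashed pid:", crashed_pid("C:\\Windows\\SysWOW64\\WerFault.exe -u -p 2072 -s 232"))
```

Against the report's own rows the script finds no non-lineage write; only the hypothetical explorer.exe row trips the injection label. The same parser can be pointed at any report of this shape, and the parent-of map is the only input that has to be rebuilt per run.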
Processes

1. C:\Windows\system32\rundll32.exe (PID 1596)
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab2225e0536322e4262cd2f28a3e664bd73a32b8e5f2fd8b1cfd23bd2346b1e.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 2072)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab2225e0536322e4262cd2f28a3e664bd73a32b8e5f2fd8b1cfd23bd2346b1e.dll,#1
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\WerFault.exe (PID 1292)
         C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 232
         - Program crash

PIDs are taken from the signature tables above. The 64-bit rundll32.exe in system32 hands the DLL to a second rundll32.exe under SysWOW64, which is the usual behaviour when the DLL is 32-bit (the resource tags list both arch:x64 and arch:x86); the ",#1" argument calls the DLL's export at ordinal 1, and that 32-bit process is the one WerFault.exe reports as crashed (-p 2072).