Analysis
max time kernel: 139s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20230831-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-09-2023 17:49
Behavioral task: behavioral1
Sample: d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0.dll
Resource: win7-20230831-en (windows7-x64)
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0.dll
Resource: win10v2004-20230831-en (windows10-2004-x64)
2 signatures
150 seconds
General
Target: d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0.dll
Size: 208KB
MD5: 4f2a9a8f21396df7187d6be0e0fac136
SHA1: 4536ce867403c88869ddd20fece011275b0d18b0
SHA256: d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0
SHA512: d980a0fd4f95e0439e97b401c6e64d994dada8862c108f9a66e8462bfe716d7b118cb843d41f03b9795df7d9af22f5e0a2d84ef5b156184887848540f76dcc6b
SSDEEP: 3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUTY58:LIDff9D8C6XYRw6MT2DEj
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1812 | 2660 | WerFault.exe | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 948 wrote to memory of 2660 | 948 | rundll32.exe | rundll32.exe
PID 948 wrote to memory of 2660 | 948 | rundll32.exe | rundll32.exe
PID 948 wrote to memory of 2660 | 948 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0.dll,#1
  Suspicious use of WriteProcessMemory
  PID:948
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0.dll,#1
    PID:2660
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 640
      Program crash
      PID:1812
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2660 -ip 2660
  PID:4112