Analysis
max time kernel: 143s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20230831-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-09-2023 11:11
Behavioral task: behavioral1
Sample: 781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll
Resource: win7-20230831-en
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll
Resource: win10v2004-20230831-en
2 signatures, 150 seconds
General
Target: 781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll
Size: 208KB
MD5: 349740c3c51e472592fc596cb5a1b84d
SHA1: a916e6f200fc756f3a41b14ee1d5eb9296ea8146
SHA256: 781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a
SHA512: e6371e7b2b1778ea374e14c0b2219cc5180638688e18d57f81aafcfc75dcac03d05fd6fb57512af274ef81e2d171967cdaae81e2745e689607889bc8549601af
SSDEEP: 3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUDY55:LIDff9D8C6XYRw6MT2DEj
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  4464  4764        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                       pid   process       target process
  PID 3988 wrote to memory of 4764  3988  rundll32.exe  rundll32.exe
  PID 3988 wrote to memory of 4764  3988  rundll32.exe  rundll32.exe
  PID 3988 wrote to memory of 4764  3988  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 632
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4764 -ip 4764
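The process tree and the two IoC tables above tell a short story once linked together: the 64-bit rundll32.exe (pid 3988) could not load the DLL and re-launched itself from SysWOW64 (pid 4764), which is what a 32-bit sample looks like on an x64 image and matches the arch:x86 resource tag; the three WriteProcessMemory IoCs are the parent writing into that freshly created child; and both WerFault command lines carry -p 4764, so the 32-bit host crashed while running export #1. The 3/10 score therefore reflects a sample that never got past loading in this environment, not one that was observed to be benign. The helper below, an added example that is not part of the sandbox report or any vendor tooling, turns the records on this page (constructed here as Python data, with field names of my own) into exactly those three findings, so the same checks can be run over other reports of this shape.

```python
"""Link a sandbox process tree and WriteProcessMemory IoCs to the signatures
shown on this page. Added example; the records below are constructed from
the page's tables, the field names and function names are my own."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Proc:
    pid: int | None      # None where the page records no pid (the -pss WerFault)
    parent: int | None   # None for roots of the tree
    image: str
    cmdline: str


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll"

# Constructed from the process tree above; pids come from the IoC tables.
PROCESSES = [
    Proc(3988, None, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE},#1"),
    Proc(4764, 3988, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE},#1"),
    Proc(4464, 4764, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 632"),
    Proc(None, None, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4764 -ip 4764"),
]

# (writer pid, target pid), one entry per IoC row in the WriteProcessMemory table.
WRITES = [(3988, 4764)] * 3

# "-p <pid>" as its own switch; deliberately does not match "-pss" or "-ip".
_WERFAULT_PID = re.compile(r"(?<!\S)-p\s+(\d+)")


def _name(image: str) -> str:
    return PureWindowsPath(image).name.lower()


def _dir(image: str) -> str:
    return PureWindowsPath(image).parent.name.lower()


def crashed_pids(procs: list[Proc]) -> set[int]:
    """Pids that WerFault was invoked for, taken from the -p switch."""
    out: set[int] = set()
    for p in procs:
        if _name(p.image) == "werfault.exe":
            m = _WERFAULT_PID.search(p.cmdline)
            if m:
                out.add(int(m.group(1)))
    return out


def wow64_relaunch(procs: list[Proc]) -> list[tuple[int, int]]:
    """(parent, child) pairs where a System32 binary spawned its own SysWOW64
    copy. For rundll32 this means the DLL is 32-bit: the 64-bit host cannot
    load it and hands the command line to the 32-bit rundll32."""
    by_pid = {p.pid: p for p in procs if p.pid is not None}
    pairs = []
    for child in procs:
        parent = by_pid.get(child.parent)
        if parent is None:
            continue
        if (_name(child.image) == _name(parent.image)
                and _dir(parent.image) == "system32"
                and _dir(child.image) == "syswow64"):
            pairs.append((parent.pid, child.pid))
    return pairs


def cross_process_writes(writes, procs: list[Proc]) -> dict[tuple[int, int], tuple[int, bool]]:
    """Count WriteProcessMemory IoCs per (writer, target) and record whether the
    target is the writer's own child. A parent writing into a child it has just
    created is expected around CreateProcess and is weak evidence on its own;
    a write into an unrelated process is the injection pattern worth escalating."""
    parent_of = {p.pid: p.parent for p in procs if p.pid is not None}
    return {pair: (n, parent_of.get(pair[1]) == pair[0])
            for pair, n in Counter(writes).items()}


def triage(procs: list[Proc], writes) -> dict:
    """Summarise the report: what crashed, whether the host re-launched under
    WoW64, whether any write went outside the parent/child pair, and whether
    the relaunched host is the process that crashed (sample never ran far)."""
    crashed = crashed_pids(procs)
    relaunch = wow64_relaunch(procs)
    xwrites = cross_process_writes(writes, procs)
    injection = [pair for pair, (_, is_child) in xwrites.items() if not is_child]
    return {
        "crashed": sorted(crashed),
        "wow64_relaunch": relaunch,
        "child_only_writes": not injection,
        "host_crashed_after_load": any(child in crashed for _, child in relaunch),
    }


if __name__ == "__main__":
    print(triage(PROCESSES, WRITES))
```

When "host_crashed_after_load" is true and the only writes are parent-into-child, treat the low score as "no behaviour observed" and re-run the sample with a 32-bit-capable host, a different export, or the win7 task listed above before drawing a verdict.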