Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system -
submitted
20/09/2023, 21:47
Behavioral task
behavioral1
Sample
2076-360-0x0000000002CC0000-0x0000000002DF1000-memory.dll
Resource
win7-20230831-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2076-360-0x0000000002CC0000-0x0000000002DF1000-memory.dll
Resource
win10v2004-20230915-en
0 signatures
150 seconds
General
-
Target
2076-360-0x0000000002CC0000-0x0000000002DF1000-memory.dll
-
Size
1.2MB
-
MD5
2cf184a382fa335144e610fe18dd5f07
-
SHA1
7800de8f854f6526ec178d0c6eaa22865b7d9503
-
SHA256
697268ea87be75883cae71e3d891d8ada834e0c2ba214948f81a05ee6be19047
-
SHA512
e18a9667f7e1d45a5810414b2b01a07bce13cdb1f8d9d0ad1be6e877fa645d027b936f501a8a576bf7156625f9ec6ef65f29ee3a79ceae6858ace99e4c32bbbe
-
SSDEEP
24576:3C7CI9TZDEWk1wCy0zaG9cQAe1ftxmbfYQJZK6wWl:7I99DEWVtQAeZmn0jW
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description  pid  Process  procid_target
PID 1596 wrote to memory of 2704  1596  rundll32.exe  28
PID 1596 wrote to memory of 2704  1596  rundll32.exe  28
PID 1596 wrote to memory of 2704  1596  rundll32.exe  28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2076-360-0x0000000002CC0000-0x0000000002DF1000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1596 -
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1596 -s 562⤵
PID:2704
-