Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system -
submitted
02/10/2023, 07:31
Behavioral task
behavioral1
Sample
5380-665-0x0000000002DE0000-0x0000000002F11000-memory.dll
Resource
win7-20230831-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
5380-665-0x0000000002DE0000-0x0000000002F11000-memory.dll
Resource
win10v2004-20230915-en
0 signatures
150 seconds
General
-
Target
5380-665-0x0000000002DE0000-0x0000000002F11000-memory.dll
-
Size
1.2MB
-
MD5
386c654ef81f8d599e4775c105a8221f
-
SHA1
eb4f46fd362a8df7d3d4f7a006f9e2b5c412d963
-
SHA256
4349afa503d3e0c6844b31a8bb00619977cebb686d6a4ee259f5a796fb480ec0
-
SHA512
4fe9d6c080b121ea1c015463e2c6119a9202c370ea8aac3fef76dcf8e2353c6fcfcc0f54f41cb68e9e74a13ae87cd92b4ba0dad3068fbdfe6afe40d92a8ddcfa
-
SSDEEP
24576:3C7CI9TZDEWk1wCy0zaG9cQAs1ftxmbfYQJZKly3:7I99DEWVtQAsZmn08
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2056 wrote to memory of 2116 | 2056 | rundll32.exe | 28
PID 2056 wrote to memory of 2116 | 2056 | rundll32.exe | 28
PID 2056 wrote to memory of 2116 | 2056 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5380-665-0x0000000002DE0000-0x0000000002F11000-memory.dll,#1
- Suspicious use of WriteProcessMemory
PID:2056 -
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2056 -s 56
PID:2116
-