Analysis
- max time kernel: 120s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
- submitted: 02-10-2023 15:24
Behavioral task: behavioral1
- Sample: 603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c.dll
- Resource: win7-20230831-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c.dll
- Resource: win10v2004-20230915-en
- 2 signatures
- 150 seconds
General
- Target: 603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c.dll
- Size: 208KB
- MD5: 5f8817d460395d75b65046f25fb2fbef
- SHA1: 11e092a26d20769701de89560ac5ebb472d0f3e1
- SHA256: 603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c
- SHA512: b236653a44f950991d6232ad41f1ef03f9ca477a1c9cdee678ce41b2fc1731810eae43d71e6b3862f50c17da11f9668118d857614ce9a88039ba8ab49529e1ef
- SSDEEP: 3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUcY58:LIDff9D8C6XYRw6MT2DEj
Score
3/10
Malware Config
Signatures
- Program crash 1 IoCs
  Processes: WerFault.exe
  pid    pid_target    process         target process
  2792   2788          WerFault.exe    rundll32.exe
- Suspicious use of WriteProcessMemory 11 IoCs
  Processes: rundll32.exe, rundll32.exe
  description                         pid    process         target process
  PID 2412 wrote to memory of 2788    2412   rundll32.exe    rundll32.exe
  PID 2412 wrote to memory of 2788    2412   rundll32.exe    rundll32.exe
  PID 2412 wrote to memory of 2788    2412   rundll32.exe    rundll32.exe
  PID 2412 wrote to memory of 2788    2412   rundll32.exe    rundll32.exe
  PID 2412 wrote to memory of 2788    2412   rundll32.exe    rundll32.exe
  PID 2412 wrote to memory of 2788    2412   rundll32.exe    rundll32.exe
  PID 2412 wrote to memory of 2788    2412   rundll32.exe    rundll32.exe
  PID 2788 wrote to memory of 2792    2788   rundll32.exe    WerFault.exe
  PID 2788 wrote to memory of 2792    2788   rundll32.exe    WerFault.exe
  PID 2788 wrote to memory of 2792    2788   rundll32.exe    WerFault.exe
  PID 2788 wrote to memory of 2792    2788   rundll32.exe    WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\603e0df3f34b2b7601c61ae033955f6eac4ddbdd773e1e3647d9cb5aeca0a20c.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 232
      - Program crash