Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
submitted: 04-10-2023 07:15
Behavioral task
behavioral1
Sample
2060-1049-0x0000000003150000-0x0000000003281000-memory.dll
Resource
win7-20230831-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2060-1049-0x0000000003150000-0x0000000003281000-memory.dll
Resource
win10v2004-20230915-en
0 signatures
150 seconds
General
Target: 2060-1049-0x0000000003150000-0x0000000003281000-memory.dll
Size: 1.2MB
MD5: aa51ee9e6163c11573206a45b883bd6b
SHA1: 67ac947fa4c478292f63b7de704b7b536372c85a
SHA256: 39fa661651f659960b96488bd6e5736849e3483aba6261702b35c80ba5db7efa
SHA512: da00372d939b5a87b066b61c9dd20efc4c73ea0b1002d5aff2ac02fd570e1b3b61d27d3a12697fdd4a0bb162f4013775268198f0d563256976e0ef04ba5ff8da
SSDEEP: 24576:3C7CI9TZDEWk1wCy0zaG9cQAo1ftxmbfYQJZKVgm:7I99DEWVtQAoZmn0a
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1676 wrote to memory of 3000 | 1676 | rundll32.exe | 28
PID 1676 wrote to memory of 3000 | 1676 | rundll32.exe | 28
PID 1676 wrote to memory of 3000 | 1676 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2060-1049-0x0000000003150000-0x0000000003281000-memory.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:1676
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1676 -s 562
  PID:3000