Analysis
max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
submitted
04-10-2023 09:40
Behavioral task
behavioral1
Sample
2952-1061-0x0000000003270000-0x00000000033A1000-memory.dll
Resource
win7-20230831-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2952-1061-0x0000000003270000-0x00000000033A1000-memory.dll
Resource
win10v2004-20230915-en
0 signatures
150 seconds
General
Target
2952-1061-0x0000000003270000-0x00000000033A1000-memory.dll
Size
1.2MB
MD5
ca11f6dc1e2f6e908f94dbc958f1fcca
SHA1
4efcecdbe01158d00b970980a9fe633eabef274f
SHA256
df36ec000052c4bf76ad69caa2b2ec8068a4684fd9fd12ab23a73fa165425cc3
SHA512
6b248fe561c22ca8c220ea49b30d29f4f7a6c3877d7aa8f65fd47eb42e83e44e4e92fd2f7458626bd2d0d0e1e6fc2bc41cda20fdf35eafad29ba41c064387822
SSDEEP
24576:3C7CI9TZDEWk1wCy0zaG9cQAG1ftxmbfYQJZKua+:7I99DEWVtQAGZmn0l
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2448 wrote to memory of 1940 | 2448 | rundll32.exe | 28
PID 2448 wrote to memory of 1940 | 2448 | rundll32.exe | 28
PID 2448 wrote to memory of 1940 | 2448 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2952-1061-0x0000000003270000-0x00000000033A1000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2448
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2448 -s 562⤵
PID:1940