Analysis
max time kernel: 121s
max time network: 124s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
submitted: 05-10-2023 08:36
Behavioral task: behavioral1
Sample: 2436-939-0x00000000033F0000-0x0000000003521000-memory.dll
Resource: win7-20230831-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 2436-939-0x00000000033F0000-0x0000000003521000-memory.dll
Resource: win10v2004-20230915-en
0 signatures
150 seconds
General
Target: 2436-939-0x00000000033F0000-0x0000000003521000-memory.dll
Size: 1.2MB
MD5: 0e2581e8420c41d2c5afa1161788cdbb
SHA1: fbb3d791b4b9a52b8f37b7c8c59843df3f2681d5
SHA256: 8490f5fe55622d886d00f419938285457704859f971a487137548c2693e5c0c2
SHA512: 6b44d1ae306bd5b1c87c0ec4843eb345a26ddb18c70b2068593d8371dd0cc0d9addb5052fb5cc745f74316185090d6a959392c7758110044e84e28cf3e972f32
SSDEEP: 24576:3C7CI9TZDEWk1wCy0zaG9cQA+1ftxmbfYQJZKFZRyE:7I99DEWVtQA+Zmn0FZ0
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2112 wrote to memory of 1256 | 2112 | rundll32.exe | 28
PID 2112 wrote to memory of 1256 | 2112 | rundll32.exe | 28
PID 2112 wrote to memory of 1256 | 2112 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2436-939-0x00000000033F0000-0x0000000003521000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2112
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2112 -s 562⤵
PID:1256