Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/10/2023, 12:56
Static task: static1
Behavioral task: behavioral1
  Sample: 9f4de928ab692ed3dad47e1c48d7062d04deaaf4afe360e98944c4c54d3065fd.dll
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 9f4de928ab692ed3dad47e1c48d7062d04deaaf4afe360e98944c4c54d3065fd.dll
  Resource: win10v2004-20230915-en
General
Target: 9f4de928ab692ed3dad47e1c48d7062d04deaaf4afe360e98944c4c54d3065fd.dll
Size: 2.1MB
MD5: fbb254b64381e7e53901140d2718f186
SHA1: aebe9728b5c6044399318b65c49fe37556d9734c
SHA256: 9f4de928ab692ed3dad47e1c48d7062d04deaaf4afe360e98944c4c54d3065fd
SHA512: 5052095d4e1883501981ff5ebbc234db7ebf64093bb76dace62197d9863c54280d34e2e93225464865ce7e36744bd32d771a823b9d94685c200be33c6c11b7ba
SSDEEP: 49152:y8feI79oK2xUrHv31PEbhJ/P0tDpinATs75a78tI:y8D7WK2U/tbtDpgh08tI
Malware Config
Signatures
Program crash (1 IoCs)
  pid   pid_target   Process        procid_target
  932   4360         WerFault.exe   85

Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process        procid_target
  PID 3708 wrote to memory of 4360    3708   rundll32.exe   85
  PID 3708 wrote to memory of 4360    3708   rundll32.exe   85
  PID 3708 wrote to memory of 4360    3708   rundll32.exe   85
Processes
Image: C:\Windows\system32\rundll32.exe
Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f4de928ab692ed3dad47e1c48d7062d04deaaf4afe360e98944c4c54d3065fd.dll,#1
PID: 3708
- Suspicious use of WriteProcessMemory

  Image: C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f4de928ab692ed3dad47e1c48d7062d04deaaf4afe360e98944c4c54d3065fd.dll,#1
  PID: 4360

    Image: C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 564
    PID: 932
    - Program crash

Image: C:\Windows\SysWOW64\WerFault.exe
Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4360 -ip 4360
PID: 2520