Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-10-2023 18:45
Behavioral task: behavioral1
- Sample: 5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b.dll
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: 5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b.dll
- Resource: win10v2004-20230915-en
General
- Target: 5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b.dll
- Size: 205KB
- MD5: 234145d58d465ef5bbc2ea3144657321
- SHA1: 7727df6c493bd468f958cf7fd5fdfa27896c897c
- SHA256: 5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b
- SHA512: 20165a989831d031317c82e7dbeaaa275d169bbe78d4f4917c14615793ee9e9ed8b52a700f68d062ea7813ba5a278e9e17694e16499e2ca4034e8f2b4165c1f5
- SSDEEP: 3072:v/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUY5PU+:v/MEfuN0t8C5oFsoeRM3o0jZ
Malware Config
(none extracted)
Signatures
- Program crash (1 IoC)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  4652 | 4808 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3164 wrote to memory of 4808 | 3164 | rundll32.exe | rundll32.exe
  PID 3164 wrote to memory of 4808 | 3164 | rundll32.exe | rundll32.exe
  PID 3164 wrote to memory of 4808 | 3164 | rundll32.exe | rundll32.exe
Processes (tree, indented by depth)
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 632
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4808 -ip 4808