Analysis
max time kernel: 121s
max time network: 125s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 13-10-2023 01:44
Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: 7d6c819c7accbd9abe8f6c4eb087eea2.dll
Resource: win7-20230831-en (windows7-x64)
2 signatures
150 seconds
General
Target: 7d6c819c7accbd9abe8f6c4eb087eea2.dll
Size: 1.1MB
MD5: 7d6c819c7accbd9abe8f6c4eb087eea2
SHA1: 6b6b4bc3c0bc152cbea590c83dd55b2101abb130
SHA256: 2d93ffc4f232bcc5f7c2a19d8fcbaa50884e60a027804fcecc3c40d120eedc8c
SHA512: cfbc2bf4d5417d066ba8c845c8117306650347648c13fac51d65f6610493b81af8317051268c8152b2c6011cf4baeffcd2bc928c5334842b6147d70173ac8e8a
SSDEEP: 24576:Qc6T3/YiaASvUn+J35XBMZZ9+xyc30w/tDMJIy:1iaASvUnI5XAZ9iyET
Malware Config
Signatures
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                       pid   process       target process
PID 1300 wrote to memory of 2808  1300  rundll32.exe  WerFault.exe
PID 1300 wrote to memory of 2808  1300  rundll32.exe  WerFault.exe
PID 1300 wrote to memory of 2808  1300  rundll32.exe  WerFault.exe