Analysis
max time kernel: 147s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-10-2023 10:48
Behavioral task: behavioral1
Sample: 781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll
Resource: win7-20230831-en
Platform: windows7-x64
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll
Resource: win10v2004-20230915-en
Platform: windows10-2004-x64
2 signatures
150 seconds
General
Target: 781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll
Size: 208KB
MD5: 349740c3c51e472592fc596cb5a1b84d
SHA1: a916e6f200fc756f3a41b14ee1d5eb9296ea8146
SHA256: 781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a
SHA512: e6371e7b2b1778ea374e14c0b2219cc5180638688e18d57f81aafcfc75dcac03d05fd6fb57512af274ef81e2d171967cdaae81e2745e689607889bc8549601af
SSDEEP: 3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUDY55:LIDff9D8C6XYRw6MT2DEj
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  3748  3560        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 3396 wrote to memory of 3560   3396  rundll32.exe  rundll32.exe
  PID 3396 wrote to memory of 3560   3396  rundll32.exe  rundll32.exe
  PID 3396 wrote to memory of 3560   3396  rundll32.exe  rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll,#1
  PID: 3396
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll,#1
      PID: 3560
        C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 632
          PID: 3748
          - Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3560 -ip 3560
  PID: 4020
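Reading the two signatures together: the 64-bit C:\Windows\system32\rundll32.exe was handed a 32-bit DLL (the run is tagged both arch:x64 and arch:x86), so it relaunched the SysWOW64 copy of rundll32.exe with the identical command line, and the sandbox logged the parent's writes into that new child as WriteProcessMemory. That handoff is the usual explanation for a rundll32-to-rundll32 WriteProcessMemory hit and is not injection into a foreign process. The 32-bit host (PID 3560) then faulted, which is what WerFault.exe -u -p 3560 records, so very little of the DLL's own behaviour ran before the crash. The triage logic below, written for this page and not part of the sandbox's own code, encodes that reading: it parses the rundll32 entry point, classifies each WriteProcessMemory event as WoW64 handoff or a genuine cross-process write, and ties the WerFault invocations back to the process hosting the sample. The process records are constructed by hand from the PIDs and command lines in the tree above, and the record schema (pid, image, cmdline) is an assumed normalised form rather than the report's export format.

```python
"""Classify the WriteProcessMemory and WerFault events of a rundll32 sandbox run.

Added example: the Proc records below are constructed from the PIDs and command
lines shown in the report; the schema is assumed, not the sandbox's native format.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str      # full image path as logged
    cmdline: str    # command line as logged


SAMPLE = "781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll"
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp" + "\\" + SAMPLE

# Constructed from the process tree in the report (one entry per process).
PROCS = {
    3396: Proc(3396, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE_PATH},#1"),
    3560: Proc(3560, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE_PATH},#1"),
    3748: Proc(3748, r"C:\Windows\SysWOW64\WerFault.exe",
               r"C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 632"),
    4020: Proc(4020, r"C:\Windows\SysWOW64\WerFault.exe",
               r"C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3560 -ip 3560"),
}
# The three "Suspicious use of WriteProcessMemory" IoCs as (writer pid, target pid).
WPM_EVENTS = [(3396, 3560), (3396, 3560), (3396, 3560)]


def rundll32_entry(cmdline):
    """Return (dll path, entry) from a rundll32 command line, or None.

    rundll32 treats everything after the first whitespace up to the first comma as
    the DLL and the token after the comma as the export: "#1" is ordinal 1,
    anything else is an export name.
    """
    m = re.match(r"^\S+\s+(.+?),(\S+)", cmdline)
    return (m.group(1), m.group(2)) if m else None


def is_wow64_handoff(writer, target):
    """True when a 64-bit rundll32 (\\system32) is relaunching its 32-bit copy
    (\\SysWOW64) for the same DLL and entry point, i.e. not injection."""
    w, t = writer.image.lower(), target.image.lower()
    return (w.endswith("\\rundll32.exe") and t.endswith("\\rundll32.exe")
            and "\\system32\\" in w and "\\syswow64\\" in t
            and rundll32_entry(writer.cmdline) == rundll32_entry(target.cmdline))


def classify_wpm(writer_pid, target_pid, procs):
    """Label one WriteProcessMemory event."""
    if is_wow64_handoff(procs[writer_pid], procs[target_pid]):
        return "wow64-handoff"
    return "cross-process-write"


def werfault_targets(procs):
    """(WerFault pid, faulting pid) for each WerFault invocation; -p names the faulting process."""
    out = []
    for p in procs.values():
        if p.image.lower().endswith("\\werfault.exe"):
            m = re.search(r"(?:^|\s)-p\s+(\d+)", p.cmdline)
            if m:
                out.append((p.pid, int(m.group(1))))
    return sorted(out)


def sample_crash_hosts(procs, sample_name):
    """PIDs of processes hosting the sample for which WerFault was started."""
    hosts = set()
    for _, faulting in werfault_targets(procs):
        proc = procs.get(faulting)
        if proc and sample_name.lower() in proc.cmdline.lower():
            hosts.add(faulting)
    return sorted(hosts)


def triage(procs, wpm_events, sample_name):
    """Summarise both signatures the way an analyst reads them."""
    verdicts = Counter(classify_wpm(w, t, procs) for w, t in wpm_events)
    hosts = sample_crash_hosts(procs, sample_name)
    entries = {rundll32_entry(p.cmdline) for p in procs.values()
               if p.image.lower().endswith("\\rundll32.exe")}
    benign = verdicts.get("cross-process-write", 0) == 0 and bool(hosts)
    return {
        "write_process_memory": dict(verdicts),
        "sample_crashed_in": hosts,
        "entry_points": sorted(e for e in entries if e),
        "reading": "wow64 handoff, then 32-bit host crashed" if benign else "needs manual review",
    }


if __name__ == "__main__":
    print(triage(PROCS, WPM_EVENTS, SAMPLE))
```

Because the DLL was invoked through ordinal #1 and the 32-bit host died immediately, the low score reflects how little code executed, not a verdict on the DLL's purpose; a re-run under a 32-bit rundll32 with the export the sample actually expects, or with arguments after the entry point, is the next step before trusting the 3/10.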