Analysis
- max time kernel: 91s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-10-2023 16:04
Behavioral task: behavioral1
- Sample: 2464-1-0x0000000000130000-0x000000000013E000-memory.dll
- Resource: win7-20230831-en
- windows7-x64
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 2464-1-0x0000000000130000-0x000000000013E000-memory.dll
- Resource: win10v2004-20230915-en
- windows10-2004-x64
- 2 signatures
- 150 seconds
General
- Target: 2464-1-0x0000000000130000-0x000000000013E000-memory.dll
- Size: 56KB
- MD5: 0caf18e517a887f0879f4c4ddcc92d46
- SHA1: 230aa937ce3246d359ee43c3576a61dfb4698867
- SHA256: 9291f80e0b06a2c7be36aa22390918aec7798604a91b385c48a4623c86b4f83a
- SHA512: 9edb6a0deeeed3cf12dcf0c19d5acae2aff2610da743d1e0ef812ad9507fb55fec5086880098aa3f0f13c4d54b196590bb69977e85750de1c73a68d1e2c5a8ea
- SSDEEP: 768:A2kfIL3q8aQ+73Mncvo0ya8Kl7aQixYgxYJmv0NHY7lbjNltdX20JJ:OQO8aQ+73MnQBVJaf3C7YJj3HG0JJ
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes:
    pid | pid_target | process | target process
    1552 | 2420 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description | pid | process | target process
    PID 3356 wrote to memory of 2420 | 3356 | rundll32.exe | rundll32.exe
    PID 3356 wrote to memory of 2420 | 3356 | rundll32.exe | rundll32.exe
    PID 3356 wrote to memory of 2420 | 3356 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2464-1-0x0000000000130000-0x000000000013E000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2464-1-0x0000000000130000-0x000000000013E000-memory.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 564
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2420 -ip 2420