Analysis
max time kernel: 141s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-10-2023 02:51
Behavioral task: behavioral1
Sample: 543cc37b5010a62b76a15a80540a8c6fdc63e313863e6d0b7791fdffa19af6b2.dll
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: 543cc37b5010a62b76a15a80540a8c6fdc63e313863e6d0b7791fdffa19af6b2.dll
Resource: win10v2004-20231020-en
General
Target: 543cc37b5010a62b76a15a80540a8c6fdc63e313863e6d0b7791fdffa19af6b2.dll
Size: 203KB
MD5: 0c24cde711c859a0779c98495e6db739
SHA1: cde5ab9a927e9be986c90b6d80cc5bfc6916d978
SHA256: 543cc37b5010a62b76a15a80540a8c6fdc63e313863e6d0b7791fdffa19af6b2
SHA512: e60570cc295c309d28308c9b330a701f692d8a03cb816184027b4c8fac629aa21b153984eb79da6245d0048b655cb0dda6002dcc1c628db2fbc627572b2c7d97
SSDEEP: 3072:PGfpVbhIoHE8ConnRVSEDlAZk1GkZX5aWWjEU0Z5IWFE/:ObhIok8ConR5hAQ5atjctE
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
  pid: 5028; pid_target: 4000; process: WerFault.exe; target process: rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
  description: PID 800 wrote to memory of 4000; pid: 800; process: rundll32.exe; target process: rundll32.exe
  description: PID 800 wrote to memory of 4000; pid: 800; process: rundll32.exe; target process: rundll32.exe
  description: PID 800 wrote to memory of 4000; pid: 800; process: rundll32.exe; target process: rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\543cc37b5010a62b76a15a80540a8c6fdc63e313863e6d0b7791fdffa19af6b2.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\543cc37b5010a62b76a15a80540a8c6fdc63e313863e6d0b7791fdffa19af6b2.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 624
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4000 -ip 4000