Analysis
- max time kernel: 142s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20231020-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-10-2023 06:56
Behavioral task
behavioral1
Sample
d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7.dll
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7.dll
Resource
win10v2004-20231020-en
General
- Target: d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7.dll
- Size: 208KB
- MD5: 26b4810e1372c15b6650cfd32ce66ddb
- SHA1: 8154042e089b633dd57c3b054f2e94b45bd6cd13
- SHA256: d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7
- SHA512: d437c4564880108efc45a9de436cab354552ac4da29498d9ab72520ad855064d0352e4396e66d7698b953f803d2f0b8bddec711156bffd8c70fbb37811f1f8ca
- SSDEEP: 3072:v/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdU9Y5mq:v/MEfuN0t8C5oFsoeRM3o0jN
Malware Config
Signatures
- Program crash 1 IoCs
  Processes: WerFault.exe
  pid: 3040; pid_target: 4804; process: WerFault.exe; target process: rundll32.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  Processes: rundll32.exe
  description: PID 4996 wrote to memory of 4804; pid: 4996; process: rundll32.exe; target process: rundll32.exe
  description: PID 4996 wrote to memory of 4804; pid: 4996; process: rundll32.exe; target process: rundll32.exe
  description: PID 4996 wrote to memory of 4804; pid: 4996; process: rundll32.exe; target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7.dll,#1
  Suspicious use of WriteProcessMemory
  PID:4996
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7.dll,#1
    PID:4804
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 632
      Program crash
      PID:3040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4804 -ip 4804
  PID:3612