Analysis
max time kernel: 91s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-11-2023 14:57

Static task: static1
Behavioral task: behavioral1
Sample: 95357abd84854c615bf87a93312ebdae6c9c5ea0f6e4103e537535b0f204c08b.dll
Resource: win7-20231020-en
3 signatures
150 seconds
General
Target: 95357abd84854c615bf87a93312ebdae6c9c5ea0f6e4103e537535b0f204c08b.dll
Size: 219KB
MD5: 9485be02b5a5edb57665cabdcf53b0a4
SHA1: 373f54a7d2d7098a0be89af463d82d496b6612df
SHA256: 95357abd84854c615bf87a93312ebdae6c9c5ea0f6e4103e537535b0f204c08b
SHA512: 44ab01ce9529f2c85be9f8fd01ef8f66463596a020d5bb5036169be45b06568b1d1f600fc9fe00a654e781283c3b3eedcdfa40ff98a68884143de4da00c0b1f3
SSDEEP: 3072:i0EUEDB4BgEqaKOLFoonhHcyWgGKb/fMT2JYhJlC3upskOuyPoccIPS3tMHZ7Nah:uUEeK5aTLF7cBK8FsPuyPdxiMHPzXO
Malware Config
Extracted
Family: systembc
C2: 45.63.66.10:443
Signatures

Program crash (1 IoCs)
Processes:
pid  pid_target  process       target process
852  1808        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                          pid   process       target process
PID 2424 wrote to memory of 1808     2424  rundll32.exe  rundll32.exe
PID 2424 wrote to memory of 1808     2424  rundll32.exe  rundll32.exe
PID 2424 wrote to memory of 1808     2424  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\95357abd84854c615bf87a93312ebdae6c9c5ea0f6e4103e537535b0f204c08b.dll,#1
  PID: 2424
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\95357abd84854c615bf87a93312ebdae6c9c5ea0f6e4103e537535b0f204c08b.dll,#1
    PID: 1808
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 628
      PID: 852
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1808 -ip 1808
  PID: 5104