Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20231130-en
resource tags: arch:x64, arch:x86, image:win7-20231130-en, locale:en-us, os:windows7-x64, system
submitted: 07/12/2023, 17:29
Behavioral task: behavioral1
Sample: 836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937.dll
Resource: win7-20231130-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937.dll
Resource: win10v2004-20231130-en
3 signatures, 150 seconds
General
Target: 836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937.dll
Size: 283KB
MD5: f58074930da29421492495fd32b516e6
SHA1: 2aaa60863a75476baf245c4a3fe0e76390db65ac
SHA256: 836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937
SHA512: 830a822f8f4f5f4025c4610a28e459775e00d750b3cad5bf42e1ed0793e41100a15088f2f9fa99869c91beacefd708f991263128bca38d938e6db1da8e76b55a
SSDEEP: 6144:5/omVOmIq5Uh24ckQjP6xbJ3alRIqmqI6YpRJHhhj2HUBSBC+PS:5DImv9P6xb8RIj5Zk
Score: 7/10
Malware Config
Signatures
resource -> yara_rule
behavioral1/memory/2532-1-0x0000000074F10000-0x0000000074F5A000-memory.dmp -> vmprotect
behavioral1/memory/2532-3-0x0000000074F10000-0x0000000074F5A000-memory.dmp -> vmprotect
behavioral1/memory/2532-5-0x0000000074F10000-0x0000000074F5A000-memory.dmp -> vmprotect
Program crash (1 IoC)
pid 2824, pid_target 2532, Process WerFault.exe, procid_target 28
Suspicious use of WriteProcessMemory (11 IoCs)
description | pid | Process | procid_target
PID 1568 wrote to memory of 2532 | 1568 | rundll32.exe | 28 (7 identical entries)
PID 2532 wrote to memory of 2824 | 2532 | rundll32.exe | 29 (4 identical entries)
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1568
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937.dll,#1
    Suspicious use of WriteProcessMemory
    PID: 2532
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 220
      Program crash
      PID: 2824