Analysis

  max time kernel:  139s
  max time network: 121s
  platform:         windows10-2004_x64
  resource:         win10v2004-20231130-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20231130-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        07/12/2023, 17:29
Behavioral task: behavioral1
  Sample:   836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937.dll
  Resource: win7-20231130-en
  3 signatures, 150 seconds

Behavioral task: behavioral2
  Sample:   836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937.dll
  Resource: win10v2004-20231130-en
  3 signatures, 150 seconds
General

  Target: 836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937.dll
  Size:   283KB
  MD5:    f58074930da29421492495fd32b516e6
  SHA1:   2aaa60863a75476baf245c4a3fe0e76390db65ac
  SHA256: 836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937
  SHA512: 830a822f8f4f5f4025c4610a28e459775e00d750b3cad5bf42e1ed0793e41100a15088f2f9fa99869c91beacefd708f991263128bca38d938e6db1da8e76b55a
  SSDEEP: 6144:5/omVOmIq5Uh24ckQjP6xbJ3alRIqmqI6YpRJHhhj2HUBSBC+PS:5DImv9P6xb8RIj5Zk
  Score:  7/10
Malware Config

Signatures

  yara_rule matches
    resource                                                                     yara_rule
    behavioral2/memory/4896-0-0x0000000074C70000-0x0000000074CBA000-memory.dmp   vmprotect
    behavioral2/memory/4896-1-0x0000000074C70000-0x0000000074CBA000-memory.dmp   vmprotect
    behavioral2/memory/4896-2-0x0000000074C70000-0x0000000074CBA000-memory.dmp   vmprotect

  Program crash (1 IoCs)
    pid    pid_target   Process        procid_target
    1280   4896         WerFault.exe   83

  Suspicious use of WriteProcessMemory (3 IoCs)
    description                        pid   Process        procid_target
    PID 884 wrote to memory of 4896    884   rundll32.exe   83
    PID 884 wrote to memory of 4896    884   rundll32.exe   83
    PID 884 wrote to memory of 4896    884   rundll32.exe   83
Processes

  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937.dll,#1
    PID: 884
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\836fdeb788a6c60b64f7b77b4428316dea2a1c6ee823735a8b9ab6e99d03c937.dll,#1
      PID: 4896

      C:\Windows\SysWOW64\WerFault.exe
        command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 604
        PID: 1280
        - Program crash

  C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4896 -ip 4896
    PID: 1172