Analysis
- max time kernel: 151s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/12/2023, 08:54
Behavioral task: behavioral1
- Sample: 7f0d32a56049172e2f96622770f93cdf.dll
- Resource: win7-20231215-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 7f0d32a56049172e2f96622770f93cdf.dll
- Resource: win10v2004-20231215-en
- 3 signatures
- 150 seconds
General
- Target: 7f0d32a56049172e2f96622770f93cdf.dll
- Size: 682KB
- MD5: 7f0d32a56049172e2f96622770f93cdf
- SHA1: 6269926fe09d3578b82fa36ffdd5570746a4f168
- SHA256: 03bed28e6a03761bfe4cb76eba6b3c91c8c014ab40a68c639aa5e7acd6bb4bd4
- SHA512: 06a06644489458308c6c0e16ce406caa916ea7b7735ebe5a7782c4ee85584d3806a8188017d4f569f8d75176964d7a2c63d744f4834324071bc17853d3777bcf
- SSDEEP: 12288:wbDACBqBA1kCe1YIDXKzXMj+GUBYB4x0PqHpyC2LQX:bm1Re1YmX/MIg3H8C2
Score: 7/10
Malware Config
Signatures
- resource: behavioral2/memory/4852-0-0x0000000075030000-0x0000000075195000-memory.dmp, yara_rule: vmprotect
Program crash (1 IoCs)
- pid: 2864, pid_target: 4852, Process: WerFault.exe, procid_target: 88
Suspicious use of WriteProcessMemory (3 IoCs)
- description: PID 2348 wrote to memory of 4852, pid: 2348, Process: rundll32.exe, procid_target: 88
- description: PID 2348 wrote to memory of 4852, pid: 2348, Process: rundll32.exe, procid_target: 88
- description: PID 2348 wrote to memory of 4852, pid: 2348, Process: rundll32.exe, procid_target: 88
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f0d32a56049172e2f96622770f93cdf.dll,#1
  PID: 2348
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f0d32a56049172e2f96622770f93cdf.dll,#1
    PID: 4852
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 616
      PID: 2864
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4852 -ip 4852
  PID: 4612