Analysis
max time kernel: 149s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-12-2023 20:06
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 0fc4f81112953bd3b077a8747bf8faa6.dll
Resource: win7-20231215-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 0fc4f81112953bd3b077a8747bf8faa6.dll
Resource: win10v2004-20231215-en, windows10-2004-x64
2 signatures
150 seconds
General
Target: 0fc4f81112953bd3b077a8747bf8faa6.dll
Size: 1016KB
MD5: 0fc4f81112953bd3b077a8747bf8faa6
SHA1: 65851b3268de95c1bcf386fd2f0c09f10fd4fda3
SHA256: 9c1cebc2927395069711c01e8037950e0b26f56af12a225589d942c3612375f0
SHA512: 6835eaa5e6137b1c517cd33cfb6ac516b872923fbc1ab41d51ff5a5a28faa95fcd83045ec2e4e10502b92e21c0a11ce42d6d9ac64cb8e2faca26f84a8699494a
SSDEEP: 6144:MxEp4XDJWzbRh0ScU+nBS6VEfuOCQ895jcM1:M+NzbRaSQSX3S95R
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid   pid_target  Process       procid_target
1776  4632        WerFault.exe  17
Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process       procid_target
PID 3068 wrote to memory of 4632  3068  rundll32.exe  17
PID 3068 wrote to memory of 4632  3068  rundll32.exe  17
PID 3068 wrote to memory of 4632  3068  rundll32.exe  17
Processes
C:\Windows\system32\rundll32.exe (PID: 3068)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fc4f81112953bd3b077a8747bf8faa6.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID: 4632)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fc4f81112953bd3b077a8747bf8faa6.dll,#1
    C:\Windows\SysWOW64\WerFault.exe (PID: 1776)
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 636
      - Program crash
C:\Windows\SysWOW64\WerFault.exe (PID: 4524)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4632 -ip 4632