Analysis
max time kernel: 166s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-12-2023 02:36
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: 00513a0893dd26507da397541a99cd78.dll
Resource: win7-20231215-en (windows7-x64)
1 signatures, 150 seconds

Behavioral task
behavioral2
Sample: 00513a0893dd26507da397541a99cd78.dll
Resource: win10v2004-20231215-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: 00513a0893dd26507da397541a99cd78.dll
Size: 332KB
MD5: 00513a0893dd26507da397541a99cd78
SHA1: b6d9725524bf8871bb283eacafe16a421885c957
SHA256: 3fe432182cd16bc38e570c4b244507b10f0e305328f127ee51ade0ff29355123
SHA512: df8e186e9c7bc222634bd9a23197bd03edd983f0a2c61aef038eab83d87d7c9d45bf47612664f4b1cfbb0efad33ce2758a059d41e88e3036f97b63d74a681dc4
SSDEEP: 3072:1XfTy2lnJ9AuB44nFYJnlCTijZqMNFsjODop6ablIJaAZyaC5uNesbjGd/:1PTygJOuB4IEvQODop6abluagy4
Score: 3/10
Malware Config
Signatures

Program crash 1 IoCs
pid   pid_target  Process       procid_target
3780  1124        WerFault.exe  23

Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process       procid_target
PID 4752 wrote to memory of 1124  4752  rundll32.exe  23
PID 4752 wrote to memory of 1124  4752  rundll32.exe  23
PID 4752 wrote to memory of 1124  4752  rundll32.exe  23
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\00513a0893dd26507da397541a99cd78.dll,#1
  PID: 4752
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\00513a0893dd26507da397541a99cd78.dll,#1
    PID: 1124

    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 664
      PID: 3780
      - Program crash

C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1124 -ip 1124
  PID: 4660