Analysis
-
max time kernel
147s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
29-12-2023 18:10
Behavioral task
behavioral1
Sample
001bb4eb45b8ca991623bd1591eaf975.dll
Resource
win7-20231215-en
windows7-x64
10 signatures
150 seconds
Behavioral task
behavioral2
Sample
001bb4eb45b8ca991623bd1591eaf975.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
001bb4eb45b8ca991623bd1591eaf975.dll
-
Size
205KB
-
MD5
001bb4eb45b8ca991623bd1591eaf975
-
SHA1
2e8885971ff2b0557fd77af4feb0d43cadc66936
-
SHA256
e85ee4cf3127c06aadafd5ebe8b9e201fba8cf631b6fcbcceee34b9f3c1ac0b8
-
SHA512
7b47e15dbc13a486be3eb25f3379fcb6bc810a1c7d45cbd3982f8ec9c2db523cec7a6e5855b0d880c6b7176cf88472dfcd14cc51bd6479fcc4824393f6886892
-
SSDEEP
6144:i8D0fLejhyfFheiMP4jmLMO4pqEOc9YsbIoS:N0fIyfXe7PwRymRIoS
Score
7/10
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/2044-0-0x0000000000400000-0x0000000000468000-memory.dmp upx -
Program crash 1 IoCs
pid pid_target Process procid_target 4808 2044 WerFault.exe 14 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4540 wrote to memory of 2044 4540 rundll32.exe 14 PID 4540 wrote to memory of 2044 4540 rundll32.exe 14 PID 4540 wrote to memory of 2044 4540 rundll32.exe 14
Processes
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\001bb4eb45b8ca991623bd1591eaf975.dll,#11⤵PID:2044
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 5482⤵
- Program crash
PID:4808
-
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\001bb4eb45b8ca991623bd1591eaf975.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4540
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2044 -ip 20441⤵PID:3916