Analysis
max time kernel: 141s
max time network: 168s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-12-2023 12:08
Behavioral task: behavioral1
Sample: 180e5fd478c61b02020500577d3285ee.dll
Resource: win7-20231215-en
10 signatures
150 seconds
Behavioral task: behavioral2
Sample: 180e5fd478c61b02020500577d3285ee.dll
Resource: win10v2004-20231215-en
3 signatures
150 seconds
General
Target: 180e5fd478c61b02020500577d3285ee.dll
Size: 215KB
MD5: 180e5fd478c61b02020500577d3285ee
SHA1: 7418fc8a26c44718c25f7a60ffb7d5eb4d7cd705
SHA256: e5dc9cacee44fc125ada6c16b69f037f5a950f03bcdc4857298e598d17099b0e
SHA512: 8e2bb3ea8a47e901b9f9cdcfc645abf0c11643d3c2492fd8e3ab69c9c83a39b6ce59ae738bccfcbe075bc4707aaf32e51aba04446ac1ca89ff4068b2d29f61f7
SSDEEP: 3072:oPz8LDdv02rPUe7ZIf3aJzZc1lS8gV775CNXlALW657+tBO12B4daq/fiQVt:oyDdM2oe+a41lc97E7s7Haq/fL
Score: 7/10
Malware Config
Signatures
Processes:
resource: behavioral2/memory/4536-0-0x0000000000400000-0x0000000000456000-memory.dmp; yara_rule: upx
Program crash (1 IoCs)
Processes: WerFault.exe
pid: 3404; pid_target: 4536; process: WerFault.exe; target process: rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description: PID 1752 wrote to memory of 4536; pid: 1752; process: rundll32.exe; target process: rundll32.exe
description: PID 1752 wrote to memory of 4536; pid: 1752; process: rundll32.exe; target process: rundll32.exe
description: PID 1752 wrote to memory of 4536; pid: 1752; process: rundll32.exe; target process: rundll32.exe
Processes
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\180e5fd478c61b02020500577d3285ee.dll,#11⤵
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 5682⤵
- Program crash
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\180e5fd478c61b02020500577d3285ee.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4536 -ip 45361⤵