Analysis
max time kernel: 150s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-12-2023 11:40
Behavioral task behavioral1
Sample: 34c09d843f219694be357071353950b3.dll
Resource: win7-20231215-en (windows7-x64)
11 signatures, 150 seconds

Behavioral task behavioral2
Sample: 34c09d843f219694be357071353950b3.dll
Resource: win10v2004-20231215-en (windows10-2004-x64)
3 signatures, 150 seconds
General
Target: 34c09d843f219694be357071353950b3.dll
Size: 174KB
MD5: 34c09d843f219694be357071353950b3
SHA1: 60998354cd8bc380bb861d47f68e0d6ff61154f9
SHA256: 3a3715f559d66a4be1565826e7a29f8e49f0c26ab4f8cc4d63fb379f1e76a6ae
SHA512: af088475b0eb74aeb7c5bb008c1d5502f6b3363f2bff5b590c3c92b511772b42e35392048e75aad030b172f837dac38df4b93bcf6fb15a3b4185d3e93eb477ac
SSDEEP: 3072:my9M+c7vmK+NUAd9B7QLZmcNPpw4FDVfx3CC0ry08jK3W6e7vqeout0Z:mm8ynZoZtFNFFx3CFryDKly/oS0
Score: 7/10
Malware Config
Signatures
YARA rule upx matched on memory dumps (2 memory regions of PID 2740)
resource | yara_rule
behavioral2/memory/2740-1-0x0000000000CB0000-0x0000000000D00000-memory.dmp | upx
behavioral2/memory/2740-0-0x0000000000CB0000-0x0000000000D00000-memory.dmp | upx

Program crash (1 IoC)
pid | pid_target | process | target process
3908 | 2740 | WerFault.exe | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | process | target process
PID 2932 wrote to memory of 2740 | 2932 | rundll32.exe | rundll32.exe
PID 2932 wrote to memory of 2740 | 2932 | rundll32.exe | rundll32.exe
PID 2932 wrote to memory of 2740 | 2932 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe (PID 2932)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\34c09d843f219694be357071353950b3.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 2740)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\34c09d843f219694be357071353950b3.dll,#1
    C:\Windows\SysWOW64\WerFault.exe (PID 3908)
      C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 540
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2740 -ip 2740

Reading the tree: the 64-bit rundll32.exe was asked to load the DLL by export ordinal #1 and handed off to the 32-bit rundll32.exe under SysWOW64, which is what rundll32 does for a 32-bit DLL and agrees with the arch:x86 resource tag. The three WriteProcessMemory IoCs are the parent (PID 2932) writing into the child it had just spawned (PID 2740); a parent writing into its own new child is also what an ordinary process launch looks like, so on its own this is weak evidence of injection. The 32-bit host then crashed, and both WerFault.exe instances point at the same target (-p 2740). The upx matches are on memory regions of that same PID 2740. In this run the DLL did not get past the crash, which is consistent with only 3 signatures firing on Windows 10 against 11 on the Windows 7 task.
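The check a triager usually wants from a report like this is whether the "wrote to memory of" targets are the same process that later crashed, and whether the writer was simply the target's parent. The following script is an added example, not part of the sandbox report or its tooling: it parses IoC lines in the report's own wording, pulls the crash target out of WerFault's -p argument, and classifies each write as parent-to-child or cross-process, flagging the system32 to SysWOW64 hand-off. The record layout (pid, ppid, image, cmdline) is an assumption; the PIDs, images and command lines are copied from the behavioral2 task above. The second WerFault instance is left out because the report gives no PID for it.

```python
"""Correlate WriteProcessMemory IoCs with the crash target from a sandbox report.

Added example; not code from the sandbox report. The record layout is an
assumption, the PIDs and command lines are copied from the behavioral2 task.
"""
import re
from collections import Counter

# Constructed process records modelled on the behavioral2 process tree.
# The second WerFault (-pss ...) is omitted: the report gives it no PID.
PROCESSES = [
    {"pid": 2932, "ppid": 0, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\34c09d843f219694be357071353950b3.dll,#1"},
    {"pid": 2740, "ppid": 2932, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\34c09d843f219694be357071353950b3.dll,#1"},
    {"pid": 3908, "ppid": 2740, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 540"},
]

# Constructed copies of the three IoC lines, in the report's own wording.
WRITE_LINES = ["PID 2932 wrote to memory of 2740"] * 3

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
# "-p <pid>" as a separate token; does not match the "-pss" switch.
WERFAULT_TARGET_RE = re.compile(r"\s-p\s+(\d+)")


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_writes(lines):
    """Count (writer_pid, target_pid) pairs from 'PID X wrote to memory of Y' lines."""
    pairs = Counter()
    for line in lines:
        m = WRITE_RE.search(line)
        if m:
            pairs[(int(m.group(1)), int(m.group(2)))] += 1
    return pairs


def crashed_pids(processes):
    """PIDs that a WerFault.exe instance was launched to report on (-p <pid>)."""
    out = set()
    for p in processes:
        if basename(p["image"]) == "werfault.exe":
            m = WERFAULT_TARGET_RE.search(p["cmdline"])
            if m:
                out.add(int(m.group(1)))
    return out


def classify_write(processes, writer, target):
    """Describe one writer->target relationship in a comma-separated tag string."""
    by_pid = {p["pid"]: p for p in processes}
    w, t = by_pid.get(writer), by_pid.get(target)
    if w is None or t is None:
        return "unknown process"
    tags = []
    # A parent writing into the child it just spawned is also what a plain
    # process launch looks like, so it is weaker evidence than a write into
    # an unrelated process.
    tags.append("parent-to-child" if t["ppid"] == writer else "cross-process")
    same_image = basename(w["image"]) == basename(t["image"])
    if same_image and "\\system32\\" in w["image"].lower() \
            and "\\syswow64\\" in t["image"].lower():
        tags.append("x64-to-x86 handoff")
    return ", ".join(tags)


def analyze(processes, write_lines):
    """Join write IoCs with crash targets; returns counts, crashed PIDs and findings."""
    writes = parse_writes(write_lines)
    crashed = crashed_pids(processes)
    findings = []
    for (writer, target), n in sorted(writes.items()):
        kind = classify_write(processes, writer, target)
        fate = "target crashed" if target in crashed else "target: no crash recorded"
        findings.append(f"{writer} -> {target}: {n} write(s); {kind}; {fate}")
    return {"writes": writes, "crashed": crashed, "findings": findings}


if __name__ == "__main__":
    for line in analyze(PROCESSES, WRITE_LINES)["findings"]:
        print(line)
```

Run against the report's values this yields a single finding: three writes from 2932 into 2740, tagged parent-to-child and x64-to-x86 handoff, with the target recorded as crashed. A write tagged cross-process into a PID that is not the writer's child would be the case worth a second look.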