Analysis
- max time kernel: 137s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-01-2024 06:40
Behavioral task: behavioral1
- Sample: 3c2658c042d05cbb82a38b07eb929901.dll
- Resource: win7-20231129-en (windows7-x64)
- 10 signatures, 150 seconds

Behavioral task: behavioral2
- Sample: 3c2658c042d05cbb82a38b07eb929901.dll
- Resource: win10v2004-20231215-en (windows10-2004-x64)
- 3 signatures, 150 seconds
General
- Target: 3c2658c042d05cbb82a38b07eb929901.dll
- Size: 176KB
- MD5: 3c2658c042d05cbb82a38b07eb929901
- SHA1: e0cf3cb69d2a74f6bdac14d0ea16d24d87d7a499
- SHA256: 5fbe22f977ff6a33746652cf5ca143c05eb242a1e20d56a662ef572f1e58cade
- SHA512: 2390577006c398ccad12e09ed6b3a75d25d7ef7cab06283551ec1604f245884f2e8e0df475f652efd6a707b17613b4c16222436ea997fa09ffced6bc3c709acd
- SSDEEP: 3072:EfQ9DX7m6Cpp9FZTv6MPPrYZFLCD39dkLnfXZQjIkm9OdxUWLofLiHwhsjttoutl:Vj7i9LvhUFSn0Xsdm2sLkoS
- Score: 7/10
Malware Config
Signatures
- YARA rule match: upx
  Processes:
  resource                                                                     yara_rule
  behavioral2/memory/3772-0-0x0000000000400000-0x0000000000451000-memory.dmp   upx
  behavioral2/memory/3772-2-0x0000000000400000-0x0000000000451000-memory.dmp   upx
- Program crash (1 IoCs)
  Processes:
  pid    pid_target   process        target process
  1520   3772         WerFault.exe   rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                         pid    process        target process
  PID 4832 wrote to memory of 3772    4832   rundll32.exe   rundll32.exe
  PID 4832 wrote to memory of 3772    4832   rundll32.exe   rundll32.exe
  PID 4832 wrote to memory of 3772    4832   rundll32.exe   rundll32.exe
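The two signatures a practitioner would want to reproduce offline are the `upx` YARA hit and the dump region 0x400000-0x451000, which for a 32-bit image loaded by the SysWOW64 rundll32.exe corresponds to ImageBase plus SizeOfImage. The script below is an added example, not part of this sandbox report and not the sandbox's own YARA rule: it computes the hashes listed under General, parses the PE headers without third-party libraries, reports the UPX section-name heuristic (UPX0/UPX1 with an empty first section), and derives the region a memory dump of the mapped image would cover. The sample DLL is not reproduced here, so `build_sample_pe()` constructs a headers-only PE32 DLL with the same image base and size for demonstration; its hashes are those of the constructed bytes, not of the reported sample.

```python
"""Offline static triage of a PE: hashes, arch, DLL flag, sections, UPX heuristic.
Added example; the sandbox's real YARA logic is not known from the report."""
import hashlib
import struct

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_DLL = 0x2000
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the whole file, as listed under General."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsect, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:       # PE32: 32-bit ImageBase at optional-header offset 28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:     # PE32+: 64-bit ImageBase at offset 24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]  # same offset in both formats
    sections = []
    table = opt + opt_size
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "raw_size": rawsize, "raw_pointer": rawptr})
    return {"machine": machine, "is_dll": bool(chars & IMAGE_FILE_DLL),
            "image_base": image_base, "size_of_image": size_of_image, "sections": sections}


def upx_indicators(info: dict) -> dict:
    """Section-name heuristic: UPX names, and a first section with virtual size
    but no raw data (UPX0 is the reserved unpacked-image area)."""
    names = [s["name"] for s in info["sections"]]
    first = info["sections"][0] if info["sections"] else None
    return {"upx_section_names": sorted(set(names) & UPX_SECTION_NAMES),
            "empty_first_section": bool(first and first["raw_size"] == 0 and first["virtual_size"] > 0)}


def expected_dump_region(info: dict) -> str:
    """ImageBase..ImageBase+SizeOfImage in the 16-hex-digit form used by the memory.dmp names."""
    return "0x%016x-0x%016x" % (info["image_base"], info["image_base"] + info["size_of_image"])


def triage(data: bytes) -> dict:
    info = parse_pe(data)
    return {**file_hashes(data), **info,
            "upx": upx_indicators(info), "dump_region": expected_dump_region(info)}


def build_sample_pe(packed: bool = True) -> bytes:
    """CONSTRUCTED stand-in: headers-only 32-bit DLL, ImageBase 0x400000,
    SizeOfImage 0x51000 (the report's dump region). Contains no real code."""
    # (name, VirtualAddress, VirtualSize, SizeOfRawData, PointerToRawData)
    body = ([("UPX0", 0x1000, 0x2F000, 0, 0), ("UPX1", 0x30000, 0x20000, 0x1F000, 0x400)]
            if packed else
            [(".text", 0x1000, 0x2F000, 0x2F000, 0x400), (".data", 0x30000, 0x20000, 0x1F000, 0x2F400)])
    sections = body + [(".rsrc", 0x50000, 0x1000, 0x1000, 0x1F400 if packed else 0x4E400)]
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections), 0, 0, 0, 224,
                       0x0002 | 0x0100 | IMAGE_FILE_DLL)               # EXECUTABLE | 32BIT | DLL
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                              # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                          # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                    # Section/FileAlignment
    struct.pack_into("<I", opt, 56, 0x51000)                           # SizeOfImage
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
                     for n, va, vs, rs, rp in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it against a real file with `python triage.py sample.dll`; with no argument it analyses the constructed stand-in. A UPX section-name match is only a hint: packers can rename sections, and a sandbox YARA rule would normally also look at the stub's code, so treat a positive here as a reason to unpack and re-hash, not as a verdict.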
Processes
- C:\Windows\system32\rundll32.exe (PID 4832)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c2658c042d05cbb82a38b07eb929901.dll,#1
  [Suspicious use of WriteProcessMemory]
  - C:\Windows\SysWOW64\rundll32.exe (PID 3772)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c2658c042d05cbb82a38b07eb929901.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 544
      [Program crash]
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3772 -ip 3772