Analysis
max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
09-01-2024 12:09
Behavioral task
behavioral1
Sample
1540-4873-0x000007FEF5A90000-0x000007FEF5DA8000-memory.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1540-4873-0x000007FEF5A90000-0x000007FEF5DA8000-memory.dll
Resource
win10v2004-20231215-en
0 signatures
150 seconds
General
Target
1540-4873-0x000007FEF5A90000-0x000007FEF5DA8000-memory.dll
Size
3.1MB
MD5
93143f71b4e83af7ff21e943f3e5e65c
SHA1
34aabf5f11e38777f44aca5603326c1f3bef95ed
SHA256
4f80621669461d0a8c9d23d2bdfb7bc6b3eb9d58eb9599e9faa48e03c2e67d4e
SHA512
f962a7b357d1129dc8d871a84cfb027f123149a5e8b7eb3ef58bb9e107dfd5e5e44fe45d1d0014f7be5b297d27ef7c1c5800c9493221f0360fe7f5db10bcc264
SSDEEP
24576:Cg8WUczrYimQfEePxwjKi6NUSUeMjz4ILCYKbY3klwP4ZhhLKDItgilbq4zPbsXf:YI7qKQ0GGif
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1896 wrote to memory of 1664 | 1896 | rundll32.exe | WerFault.exe
PID 1896 wrote to memory of 1664 | 1896 | rundll32.exe | WerFault.exe
PID 1896 wrote to memory of 1664 | 1896 | rundll32.exe | WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1540-4873-0x000007FEF5A90000-0x000007FEF5DA8000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1896 -s 522