Analysis
max time kernel: 117s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 10/01/2024, 05:53
Behavioral task
behavioral1
Sample
4fc213c5beec0a48c992cc16147bd898.dll
Resource
win7-20231215-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
4fc213c5beec0a48c992cc16147bd898.dll
Resource
win10v2004-20231222-en
2 signatures
150 seconds
General
Target: 4fc213c5beec0a48c992cc16147bd898.dll
Size: 458KB
MD5: 4fc213c5beec0a48c992cc16147bd898
SHA1: d078e20725cdd69ef19feff5ccb74a8eebbe7a2a
SHA256: a009833a53432868463134a6df8b017b744c4392b80d2446a33a71ee9f51cada
SHA512: 730195cd83e3474f9ad9be3b4ce0f8a0144242ee85212f00b65c1c2a0ab71073afbafb6e76a2d2103fa4153623e9d8149b605874718c3f54c0374efa89f2679f
SSDEEP: 6144:wpk16OPyxES6t7kxrpZDGI9VSgljHRCp8vohC3WeyZzqT0ouGCOuOy3wH1Pc:aQ6Eyz6pknZSMogF4IoggouGnrH1Pc
Score: 7/10
Malware Config
Signatures
- YARA rule match: vmprotect (3 IoCs)
  resource                                                                  yara_rule
  behavioral1/memory/1888-0-0x000007FEF7450000-0x000007FEF74CD000-memory.dmp  vmprotect
  behavioral1/memory/1888-2-0x000007FEF7450000-0x000007FEF74CD000-memory.dmp  vmprotect
  behavioral1/memory/1888-4-0x000007FEF7450000-0x000007FEF74CD000-memory.dmp  vmprotect
  All three hits are dumps of the same 0x7D000-byte region in PID 1888 (rundll32.exe), i.e. the loaded DLL image itself, taken at three points in the run.
- Drops file in Windows directory (2 IoCs)
  description                   ioc                                     Process
  File opened for modification  \??\c:\windows\rzZBNdlgPe\              rundll32.exe
  File created                  \??\c:\windows\rzZBNdlgPe\O6cKgCO.txt   rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process       procid_target
  PID 1888 wrote to memory of 2792   1888  rundll32.exe  28
  PID 1888 wrote to memory of 2792   1888  rundll32.exe  28
  PID 1888 wrote to memory of 2792   1888  rundll32.exe  28
  Caveat: all three writes target PID 2792, which the process tree below shows is a WerFault.exe instance launched by 1888 itself. A parent writing into a child it has just created (process parameters, environment) is normal CreateProcess behaviour, so on this evidence alone the signature does not show injection into an unrelated process.
Processes
- C:\Windows\system32\rundll32.exe (PID 1888)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fc213c5beec0a48c992cc16147bd898.dll,#1
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe (PID 2792, child of 1888)
    command line: C:\Windows\system32\WerFault.exe -u -p 1888 -s 240
Note: the DLL is loaded by export ordinal (,#1) rather than by name, and WerFault.exe -u -p <pid> -s <event> is Windows Error Reporting's user-mode crash handler, invoked here with the PID of rundll32.exe. The hosting process therefore crashed on the win7 image during the run, which limits how much of the sample's real behaviour this task captured.
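The two behavioural indicators in this report (rundll32.exe loading a DLL from a user's Temp directory by export ordinal, and that same process creating a file in a previously non-existent directory directly under C:\Windows) can be turned into hunting logic. The script below is an added example, not part of the sandbox report: it runs those two checks over constructed Sysmon-style records (event ID 1 for process creation and 11 for file creation follow Sysmon's real schema, but the records, field names and allowlist of Windows subdirectories are assumptions made for illustration).

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Set

# rundll32 invoked with an export ordinal (",#N") on a DLL under a user's Temp
# directory, as recorded in the report:
#   rundll32.exe C:\Users\Admin\AppData\Local\Temp\<name>.dll,#1
RUNDLL32_TEMP_ORDINAL = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^,"]+?\.dll)"?\s*,\s*#(?P<ordinal>\d+)',
    re.IGNORECASE,
)

# A file created directly under C:\Windows\<one directory>\<file>. The optional
# \??\ prefix is the NT object-manager form the sandbox logged.
WINDOWS_DROP = re.compile(
    r'^(?:\\\?\?\\)?[a-z]:\\windows\\(?P<dir>[^\\]+)\\(?P<file>[^\\]+)$',
    re.IGNORECASE,
)

# First-level Windows subdirectories that legitimately receive new files.
# This allowlist is an assumption for the example; tune it to your estate.
KNOWN_WINDOWS_DIRS = {
    "temp", "system32", "syswow64", "logs", "prefetch", "inf", "winsxs",
    "servicing", "softwaredistribution", "installer",
}


@dataclass
class Event:
    event_id: int            # 1 = process creation, 11 = file created (Sysmon numbering)
    pid: int
    image: str               # full path of the acting process
    command_line: str = ""   # event 1 only
    target_filename: str = ""  # event 11 only


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def check_rundll32_ordinal(ev: Event) -> List[Finding]:
    """Flag rundll32.exe loading a Temp-resident DLL by export ordinal."""
    if ev.event_id != 1 or not ev.image.lower().endswith("\\rundll32.exe"):
        return []
    m = RUNDLL32_TEMP_ORDINAL.search(ev.command_line)
    if not m:
        return []
    return [Finding("rundll32_temp_dll_by_ordinal", ev.pid,
                    f"{m.group('dll')} export #{m.group('ordinal')}")]


def check_windows_drop(ev: Event, flagged: Set[int]) -> List[Finding]:
    """Flag file creation in a non-allowlisted directory directly under C:\\Windows.

    The rule name is escalated when the writer was already flagged by the
    rundll32 check, which is the combination this report shows.
    """
    if ev.event_id != 11:
        return []
    m = WINDOWS_DROP.match(ev.target_filename)
    if not m or m.group("dir").lower() in KNOWN_WINDOWS_DIRS:
        return []
    rule = "file_drop_in_windows_subdir"
    if ev.pid in flagged:
        rule += "_by_flagged_process"
    return [Finding(rule, ev.pid, ev.target_filename)]


def hunt(events: Iterable[Event]) -> List[Finding]:
    """Two passes: identify suspicious rundll32 PIDs, then correlate their file drops."""
    events = list(events)
    findings: List[Finding] = []
    flagged: Set[int] = set()
    for ev in events:
        for f in check_rundll32_ordinal(ev):
            findings.append(f)
            flagged.add(f.pid)
    for ev in events:
        findings.extend(check_windows_drop(ev, flagged))
    return findings


# Constructed sample telemetry modelled on the report's process tree and IoCs,
# plus benign noise that the rules must not fire on.
SAMPLE_EVENTS = [
    Event(1, 1888, r"C:\Windows\system32\rundll32.exe",
          command_line=r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fc213c5beec0a48c992cc16147bd898.dll,#1"),
    Event(1, 3000, r"C:\Windows\system32\rundll32.exe",
          command_line=r"rundll32.exe shell32.dll,Control_RunDLL"),        # benign: system DLL by name
    Event(11, 1888, r"C:\Windows\system32\rundll32.exe",
          target_filename=r"\??\c:\windows\rzZBNdlgPe\O6cKgCO.txt"),
    Event(11, 4100, r"C:\Windows\system32\svchost.exe",
          target_filename=r"C:\Windows\Temp\tmp1234.tmp"),                  # benign: allowlisted dir
    Event(1, 2792, r"C:\Windows\system32\WerFault.exe",
          command_line=r"C:\Windows\system32\WerFault.exe -u -p 1888 -s 240"),  # crash handler, not a hit
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.rule}] pid={f.pid} {f.detail}")
```

Running the block against the constructed events yields exactly two findings, both for PID 1888: the ordinal load from Temp, and the drop into c:\windows\rzZBNdlgPe\ escalated because the writer was already flagged. The WerFault.exe launch and the rundll32 invocation of shell32.dll produce nothing, which is the behaviour you want before pointing the logic at real Sysmon data.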