Analysis

max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-01-2024 02:57
Behavioral task: behavioral1
Sample: 644afc029b04160bbb3a998595c2b970.dll
Resource: win7-20231215-en (windows7-x64)
10 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 644afc029b04160bbb3a998595c2b970.dll
Resource: win10v2004-20231215-en (windows10-2004-x64)
3 signatures, 150 seconds
General

Target: 644afc029b04160bbb3a998595c2b970.dll
Size: 199KB
MD5: 644afc029b04160bbb3a998595c2b970
SHA1: a3d53a4ae75304118ec44d379a3a5e7896c0e2a4
SHA256: 1f605cae44fca207e2f3192b28a3545d64b9541cb22a8d376284e45d8a42f324
SHA512: 0cc791022bd42ed9322e6af48a99a40295c2ee6160c5b93f1f9a07f591977c6af856a516f7e041d2da5fa97c8351fc79fab3eb03e9c3dde63410e7f1b2551010
SSDEEP: 3072:KRBKSEX6vbnHbZRN6O0y6T/dd0Xukd8zIsXUp7KKwgdDRhPAJ+h4RsJxKPpAiYM:oKtqvbnHbZRALguk8I7KOf8RsqxA
Score: 7/10
Malware Config
Signatures

Processes:
  resource                                                                    yara_rule
  behavioral2/memory/4380-0-0x0000000000400000-0x0000000000455000-memory.dmp  upx

Program crash (1 IoCs)
Processes:
  pid  pid_target  process       target process
  808  4380        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                      pid  process       target process
  PID 988 wrote to memory of 4380  988  rundll32.exe  rundll32.exe
  PID 988 wrote to memory of 4380  988  rundll32.exe  rundll32.exe
  PID 988 wrote to memory of 4380  988  rundll32.exe  rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\644afc029b04160bbb3a998595c2b970.dll,#1
  Suspicious use of WriteProcessMemory
  PID:988

    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\644afc029b04160bbb3a998595c2b970.dll,#1
      PID:4380

        C:\Windows\SysWOW64\WerFault.exe
          command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 580
          Program crash
          PID:808

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4380 -ip 4380
  PID:4056