Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:45
Static task: static1
Behavioral task: behavioral1
Sample: 0b55ced84cec2a31f943014ca95597715db401580ed0d15dd742f33806fd894e.dll
Resource: win7-20231129-en (windows7-x64)
1 signatures
150 seconds
General
Target: 0b55ced84cec2a31f943014ca95597715db401580ed0d15dd742f33806fd894e.dll
Size: 2.2MB
MD5: 293a955a16806151883d5054340b82e9
SHA1: 5a5f304877ebdaad180223348e8e541f09f6285b
SHA256: 0b55ced84cec2a31f943014ca95597715db401580ed0d15dd742f33806fd894e
SHA512: 7855625e33ab793d872725c35ac4a52e627d868f4474f0fe7e0fc4b6475282c437856b2a62715c37428675a29778ed7b7bb9bdc9f6b0666ec9c579be229511ee
SSDEEP: 49152:TJd0bM5Fym/8RgJWYM97tQjFozL19wNa/Wg7:VCbM56yJTjFKp9JWg7
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process         target process
1092   3852          WerFault.exe    rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                         pid     process         target process
PID 3188 wrote to memory of 3852    3188    rundll32.exe    rundll32.exe
PID 3188 wrote to memory of 3852    3188    rundll32.exe    rundll32.exe
PID 3188 wrote to memory of 3852    3188    rundll32.exe    rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b55ced84cec2a31f943014ca95597715db401580ed0d15dd742f33806fd894e.dll,#1
Suspicious use of WriteProcessMemory
PID:3188
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b55ced84cec2a31f943014ca95597715db401580ed0d15dd742f33806fd894e.dll,#1
    PID:3852
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 564
        Program crash
        PID:1092
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3852 -ip 3852
PID:5072