Analysis
max time kernel: 149s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
25f838ebd48927bcc3761163a22bb1c792114eea23deca7e59562777b04ad906.dll
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
Target: 25f838ebd48927bcc3761163a22bb1c792114eea23deca7e59562777b04ad906.dll
Size: 337KB
MD5: a9e125f50041e4294e703cc12d2f2379
SHA1: 756344212170269290971324a3e3f61f6d92a4e2
SHA256: 25f838ebd48927bcc3761163a22bb1c792114eea23deca7e59562777b04ad906
SHA512: 45148a404ec18712d20daea4d5eae39ff0615cccdfa46ba0bef3e3e29dd4276507ead905c1f5e406016c25ea37b19f149994ceacc97358707399634000cf4df6
SSDEEP: 3072:AM7mZAefQHEx+dTOWHT77Iwxrm9tLnhkQRw3LCms9PQMaLjzNpCnO2c+:f7mZAGAs+dTOWH/pVkiGFaLjzNp24+
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
  pid    pid_target    process         target process
  1544   3952          WerFault.exe    rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
  description                         pid    process         target process
  PID 3924 wrote to memory of 3952    3924   rundll32.exe    rundll32.exe
  PID 3924 wrote to memory of 3952    3924   rundll32.exe    rundll32.exe
  PID 3924 wrote to memory of 3952    3924   rundll32.exe    rundll32.exe
Processes
PID 3924: C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\25f838ebd48927bcc3761163a22bb1c792114eea23deca7e59562777b04ad906.dll,#1
  - Suspicious use of WriteProcessMemory
  PID 3952: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\25f838ebd48927bcc3761163a22bb1c792114eea23deca7e59562777b04ad906.dll,#1
    PID 1544: C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 604
      - Program crash
PID 1820: C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3952 -ip 3952