Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25-01-2024 15:53
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
5afef6b26153bdfd0e8d59d37ead66765f771aae75b0c0fc6c0dbf8cd0dd6b61.dll
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
-
Target
5afef6b26153bdfd0e8d59d37ead66765f771aae75b0c0fc6c0dbf8cd0dd6b61.dll
-
Size
160KB
-
MD5
ce2593b7bfe6f326c12ae73df5705b6f
-
SHA1
1416afac1b809b74189ed5d812c7a8dfe3956cd0
-
SHA256
5afef6b26153bdfd0e8d59d37ead66765f771aae75b0c0fc6c0dbf8cd0dd6b61
-
SHA512
4ba7b1fe9030fe475ef6357fdffda289e597fe745d67c8e38e1bd9f625366931e3a3e05ee6f19c8dc0e0eac8d49ca6b8647cb79b56cb71c3888393a8c90af8ba
-
SSDEEP
3072:OWt1QgmEC0pfcqMd0ll+GyaL7SED6XPj/M:xegVqjy/L7ZO/j/
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2088 2016 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
rundll32.exerundll32.exedescription pid process target process PID 3044 wrote to memory of 2016 3044 rundll32.exe rundll32.exe PID 3044 wrote to memory of 2016 3044 rundll32.exe rundll32.exe PID 3044 wrote to memory of 2016 3044 rundll32.exe rundll32.exe PID 3044 wrote to memory of 2016 3044 rundll32.exe rundll32.exe PID 3044 wrote to memory of 2016 3044 rundll32.exe rundll32.exe PID 3044 wrote to memory of 2016 3044 rundll32.exe rundll32.exe PID 3044 wrote to memory of 2016 3044 rundll32.exe rundll32.exe PID 2016 wrote to memory of 2088 2016 rundll32.exe WerFault.exe PID 2016 wrote to memory of 2088 2016 rundll32.exe WerFault.exe PID 2016 wrote to memory of 2088 2016 rundll32.exe WerFault.exe PID 2016 wrote to memory of 2088 2016 rundll32.exe WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5afef6b26153bdfd0e8d59d37ead66765f771aae75b0c0fc6c0dbf8cd0dd6b61.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3044 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5afef6b26153bdfd0e8d59d37ead66765f771aae75b0c0fc6c0dbf8cd0dd6b61.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:2016 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 2243⤵
- Program crash
PID:2088