Analysis
-
max time kernel
139s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
25-01-2024 15:55
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a42e8ec86778f1d020d804e2bfe7033b90fc77c9f189935fc06eaa7178194768.dll
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
-
Target
a42e8ec86778f1d020d804e2bfe7033b90fc77c9f189935fc06eaa7178194768.dll
-
Size
388KB
-
MD5
f0f8e19a400c63ee98832cbc0a400bd8
-
SHA1
d5578d232940f400e78740d76ebe8c5d6f8a70a8
-
SHA256
a42e8ec86778f1d020d804e2bfe7033b90fc77c9f189935fc06eaa7178194768
-
SHA512
98fb99d4a9fdcaf5c2579d7b294417caa4998afe21c7117131aa87ab7d40f92105286ecb76184c6dc35e86e6239a83ec96b32e54936bb4f26c08dab9e1f6fd1f
-
SSDEEP
6144:x8tKA6K1LxgUX5cx7/I1VWqWJ1zmvPUIpuUb5p9TwHlM82lG4:xQ1pOUpcx7/I1XMzmvPEUbTNwHPR4
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1316 | 1856 | WerFault.exe | rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1044 wrote to memory of 1856 | 1044 | rundll32.exe | rundll32.exe
PID 1044 wrote to memory of 1856 | 1044 | rundll32.exe | rundll32.exe
PID 1044 wrote to memory of 1856 | 1044 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a42e8ec86778f1d020d804e2bfe7033b90fc77c9f189935fc06eaa7178194768.dll,#1 1⤵
- Suspicious use of WriteProcessMemory
PID:1044 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a42e8ec86778f1d020d804e2bfe7033b90fc77c9f189935fc06eaa7178194768.dll,#1 2⤵
PID:1856
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 612 3⤵
- Program crash
PID:1316
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1856 -ip 1856 1⤵
PID:4912