Analysis
max time kernel: 92s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:55

Static task: static1 (1 signatures)

Behavioral task: behavioral1
Sample: 85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll
Resource: win7-20231129-en (windows7-x64)
2 signatures, 150 seconds
General
Target: 85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll
Size: 292KB
MD5: 62ef645f3831cae277c8d6dbcc2112e9
SHA1: c4aa5f36c64889a5a2d49d5d1092585b25247f59
SHA256: 85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f
SHA512: 752df371b48ee1deb201f2008d8340147fc991bab3ffedb4f17c35219c7b1b0adbd7d215439798a388f945d9ba75209edc862a0776eb0f2333078a497c84c6dc
SSDEEP: 6144:xgejiEdVHdmqrL9MRlx3tjAspuUb5p9TwHlM82xp:HjHVH3r2Rlx3WUbTNwHP4
Malware Config
Signatures

Program crash (1 IoCs)
Processes:
pid    pid_target    process        target process
4104   1892          WerFault.exe   rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                         pid   process        target process
PID 836 wrote to memory of 1892     836   rundll32.exe   rundll32.exe
PID 836 wrote to memory of 1892     836   rundll32.exe   rundll32.exe
PID 836 wrote to memory of 1892     836   rundll32.exe   rundll32.exe
Processes

C:\Windows\system32\rundll32.exe (PID 836)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll,#1
  Signatures: Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe (PID 1892)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll,#1

    C:\Windows\SysWOW64\WerFault.exe (PID 4104)
      C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 616
      Signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe (PID 4588)
  C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1892 -ip 1892
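The two signature hits and the process tree above are easier to read once they are put back together: which process WerFault was actually reporting on, whether that process is the one hosting the sample, and whether the WriteProcessMemory hits are anything more than a parent touching a child it just spawned. The script below is an added example, my own code and not part of the sandbox or this report. The record layout (pid, ppid, image, cmdline) and the field names are my assumptions; the values are transcribed from the Processes and Signatures sections on this page, with ppid None meaning the report shows no parent.

```python
"""Rebuild the sandbox process tree above and explain its signature hits.

Added example, not part of the sandbox report or its tooling. The record
layout is assumed; the values are transcribed from the report shown above.
"""
import re
from collections import defaultdict

SAMPLE = "85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll"
DLL_PATH = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE

# Transcribed from the report's process tree (ppid None = no parent shown).
PROCESSES = [
    {"pid": 836, "ppid": None, "image": "C:\\Windows\\system32\\rundll32.exe",
     "cmdline": f"rundll32.exe {DLL_PATH},#1"},
    {"pid": 1892, "ppid": 836, "image": "C:\\Windows\\SysWOW64\\rundll32.exe",
     "cmdline": f"rundll32.exe {DLL_PATH},#1"},
    {"pid": 4104, "ppid": 1892, "image": "C:\\Windows\\SysWOW64\\WerFault.exe",
     "cmdline": "C:\\Windows\\SysWOW64\\WerFault.exe -u -p 1892 -s 616"},
    {"pid": 4588, "ppid": None, "image": "C:\\Windows\\SysWOW64\\WerFault.exe",
     "cmdline": "C:\\Windows\\SysWOW64\\WerFault.exe -pss -s 188 -p 1892 -ip 1892"},
]

# The three "wrote to memory of" rows from the WriteProcessMemory signature.
WRITE_EVENTS = [(836, 1892), (836, 1892), (836, 1892)]


def by_pid(processes):
    return {p["pid"]: p for p in processes}


def build_tree(processes):
    """Map parent pid -> list of child pids; the key None holds the roots."""
    children = defaultdict(list)
    for p in processes:
        children[p["ppid"]].append(p["pid"])
    return children


def image_name(p):
    return p["image"].rsplit("\\", 1)[-1].lower()


def werfault_target(cmdline):
    """PID named by WerFault's '-p <pid>' switch (not -pss, not -ip)."""
    m = re.search(r"(?:^|\s)-p\s+(\d+)", cmdline)
    return int(m.group(1)) if m else None


def crashed_pids(processes):
    """Every pid that some WerFault instance in the tree was reporting on."""
    return {werfault_target(p["cmdline"]) for p in processes
            if image_name(p) == "werfault.exe"} - {None}


def dll_host_pids(processes, sample=SAMPLE):
    """Pids whose command line loads the sample DLL."""
    return [p["pid"] for p in processes if sample.lower() in p["cmdline"].lower()]


def classify_write(src, dst, procs):
    """Explain one WriteProcessMemory hit.

    CreateProcess itself writes the new process's parameter block into the
    child, so a parent writing into a child it has just spawned is expected
    noise. A write into an unrelated process is the pattern worth chasing.
    """
    s, d = procs[src], procs[dst]
    if d["ppid"] != src:
        return "write-into-unrelated-process"
    same_dll = s["cmdline"].split(" ", 1)[1:] == d["cmdline"].split(" ", 1)[1:]
    if (image_name(s) == image_name(d) == "rundll32.exe"
            and "\\system32\\" in s["image"].lower()
            and "\\syswow64\\" in d["image"].lower() and same_dll):
        # 64-bit rundll32 re-launching its SysWOW64 copy to load a 32-bit DLL.
        return "wow64-rundll32-handoff"
    return "parent-wrote-to-own-child"


def summarize(processes=PROCESSES, writes=WRITE_EVENTS):
    procs = by_pid(processes)
    tree = build_tree(processes)
    crashed = crashed_pids(processes)
    hosts = dll_host_pids(processes)
    return {
        "roots": tree[None],
        "crashed": sorted(crashed),
        "dll_hosts": hosts,
        "host_crashed": any(h in crashed for h in hosts),
        "writes": [classify_write(s, d, procs) for s, d in writes],
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

Two things fall out of the summary that the raw signature list does not say directly. All three WriteProcessMemory hits are the 64-bit rundll32 (PID 836) writing into the SysWOW64 rundll32 it spawned for the same DLL (PID 1892), which is the normal 32-bit handoff rather than injection into a foreign process. And the process WerFault reported on (PID 1892) is the one hosting the sample, so export #1 crashed under rundll32; any behaviour this run did not record may simply be behaviour that never had a chance to execute, so the absence of further signatures should not be read as the sample being inert.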