Analysis

max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 15:55

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll
Resource: win7-20231215-en (windows7-x64)
2 signatures
150 seconds
General

Target: c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll
Size: 276KB
MD5: f2a8dba317bc319dc46f811c604057fc
SHA1: d0bbcbd28021d080e5c58f60a639d410d55c5d3f
SHA256: c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4
SHA512: 0cea40e27efdaef61a4d62b08d164a93bc151953053349d14b3fd5eea3fa7806955f45aa3e33aee134fa0124a681b84834eb3deb945613da0cc9ca60a86975b8
SSDEEP: 6144:SzmPaTbk12Al0uZGvtdZysYpuUb5p9TwHlM823HNb:4mPaTbk1240vvt5UbTNwHPw

Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
Processes:
pid    pid_target  process       target process
3024   2984        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
Processes:
description                        pid    process       target process
PID 2968 wrote to memory of 2984   2968   rundll32.exe  rundll32.exe
PID 2968 wrote to memory of 2984   2968   rundll32.exe  rundll32.exe
PID 2968 wrote to memory of 2984   2968   rundll32.exe  rundll32.exe
PID 2968 wrote to memory of 2984   2968   rundll32.exe  rundll32.exe
PID 2968 wrote to memory of 2984   2968   rundll32.exe  rundll32.exe
PID 2968 wrote to memory of 2984   2968   rundll32.exe  rundll32.exe
PID 2968 wrote to memory of 2984   2968   rundll32.exe  rundll32.exe
PID 2984 wrote to memory of 3024   2984   rundll32.exe  WerFault.exe
PID 2984 wrote to memory of 3024   2984   rundll32.exe  WerFault.exe
PID 2984 wrote to memory of 3024   2984   rundll32.exe  WerFault.exe
PID 2984 wrote to memory of 3024   2984   rundll32.exe  WerFault.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll,#1
  PID: 2968
  Signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll,#1
    PID: 2984
    Signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 224
      PID: 3024
      Signatures: Program crash